commonName empty

As stated in the following issue on GitHub, the commonName of the certificates being generated by the internal CA (Caddy CA or imported one) is empty. One of the developers mentioned that this is common practice for this type of software, as using commonName for verification is deprecated. Also, he noted that it is bad code to fill in this code as it is not advisable to do so.

Nonetheless, I think there should be an option in the tls section or in the global section which allows us to set the commonName to something like the SAN, the main argument being retroactive compatibility (and it does not cost us anything to make such an effort).

As an additional benefit, the certificates will display in Firefox and in Chromium with a name, as at the moment there is a white blank which is quite bothersome. I also read and share the opinion of the dev, as this issue shall be fixed by the developers of the certificate viewer, but it can be easily fixable by implementing such an option for anyone who just wants to enable it.

If you have any other points to make, please, feel free to educate/illustrate me so.

Not really one of this project’s values. CommonName has been deprecated for longer than some of Caddy’s users have been alive.

The PKI ecosystem needs to catch up, it’s been over 20 years. File a bug with the browser to fix their display.

It is not so easy actually. CommonName has different stipulations (with regards to length, encoding, and semantics) than SANs do, making them tricky to work with correctly. It has been the cause of numerous bugs in both clients and CAs, including Let’s Encrypt.

CommonName is not something we will be implementing.

3 Likes