You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Name Constraints can be used to limit the namespace a CA can issue certificates for. For example, one may have a trusted CA for *.iot.example.org without the CA being able to issue certificates for bank.example.com.
As for support, I found this document from 2016 stating
As of now, Windows CryptoAPI and OpenSSL fully support Name Constraints certificate extension. However, neither of Apple products: Mac OS X, nor iOS does support this extension. Since, Name Constraints is always marked critical, Apple products will reject any certificate that contains Name Constraints extension in any certificate in the certificate chain.
The Archived Results from BetterTLS have more recent data.
The text was updated successfully, but these errors were encountered:
Name Constraints can be used to limit the namespace a CA can issue certificates for. For example, one may have a trusted CA for
*.iot.example.orgwithout the CA being able to issue certificates forbank.example.com.As for support, I found this document from 2016 stating
The Archived Results from BetterTLS have more recent data.
The text was updated successfully, but these errors were encountered: