test03A certificate is used to identify a server. In the web, the name in the certificate needs to match the host name in the URL you clicked on or entered into the web browser. There are situations when one name is not enough. A site can be reached as “http://www.example.com” as well as “http://example.com”. Because of this situation, certificates has an extension called Subject Alternative Name – SAN. One certificate can have many SANs.

test3-sanIt is important that your http client – the browser or the application – can verify these names. The certificate in test #3 has two names – one CN (Common Name) and one SAN. The SAN name is invalid, which means that the certificate in itself is invalid. Your client should not connect to this server.

 

Should fail