简介

SAN是x509的一个扩展允许在证书的subjectAltName字段中添加各种值，这些值称为Subject Alternative Names (SANs)。这些名称可以包含如下内容：

Email addresses 邮件地址
IP addresses IP地址
URIs URI
DNS names: this is usually also provided as the Common Name RDN within the Subject field of the main certificate.需要证书保护的其他域名
Directory names: alternative Distinguished Names to that given in the Subject.
Other names, given as a General Name or Universal Principal Name: a registered object identifier followed by a value.

SAN扩展需要绑定额外信息到证书的subject DN ,主要信息如下：

DNS Name
RFC822 Name

DNS name

DNS name包含证书颁发的域名，下图DNS name展示了证书颁发的域名，域名可以是多个

CA机构可以提供多种类型的证书，比如：

Single domain SSL certificates
Multiple domains SSL certificates
Multiple sub domains SSL certificates
Wild card SSL certificates
OV SSL certificates (To be discussed later)
EV SSL certificates (To be discussed later)

上述不同类型的证书中，除了certificate policy/vetting procedure不同外，其他不同就是SAN扩展下的DNS name的值不同了。

单域名证书，DNS name的值只有一个

多域名证书，DNS name至少有两个值

子域名证书，DNS name出现多个子域名

通配符证书，无数个域名或子域名

在上面的通配符证书中，可接受的域名是

www.test.com
blog.test.com
web.test.com

等。多域名，子域名或通配符证书的好处是只需要购买单个证书。当这个SSL证书出示给浏览器的时候，如果从证书中得到的域名是证书中DNS name列表中之一时，则浏览器会接受证书，否则浏览器会发出警告。

RCF822 Name

RFC822 Name包含了证书办法对象的邮件地址。此结构可以出现在文档签名，邮件签名，SSL客户端认证证书中，如下图所示：

上图中的证书，SAN扩展进一步包含了RFC822 Name信息，RFC822 Name的值包含了证书办法对象的邮件地址。

证书结构

X.509 v3数字证书的结构如下：

Certificate
- Version Number
- Serial Number
- Signature Algorithm ID
- Issuer Name
- Validity period
  - Not Before
  - Not After
- Subject name
- Subject Public Key Info
  - Public Key Algorithm
  - Subject Public Key
- Issuer Unique Identifier (optional)
- Subject Unique Identifier (optional)
- Extensions (optional)
  - …
Certificate Signature Algorithm
Certificate Signature

每个扩展都有自己唯一的ID，称为object identifier(OID),OID由critical indication或non-critical indication与一组值构成。证书使用系统必须拒绝证书，如果不识别critical extension，或者是critical extension包含不能处理的信息。non-critical extension如果不识别的话可以忽略，如果识别就必须处理。

version 1的结构由RFC 1422给出。

证书使用的扩展信息

RFC 5280定义了证书扩展的一个数值，用于标识证书应该如何被使用。

Basic Constrains:用于标识证书是否是CA证书或是否可以签发其他证书
Key Usage:提供了一个bitmap,指定了证书中公钥加密操作；比如key可以用于签名，但不能用于加密
Extended Key Usage：标识证书中公钥的使用目的

通常情况下，在使用RFC 5280的时候，如果证书使用了几个扩展约束，对于给定的使用情况，所有的约束都应该是满足的。RFC给出了证书同时包含KeyUsage和extendedKeyUsage的使用示例。

证书扩展验证

实际中，DV证书意思是证书颁发给域名的；EV证书意思是证书颁发给域名为example.com，且公司名称为xxx,域名拥有者xxx,域名拥有者xxx通过Articles of Incorporation验证

证书文件扩展名

x.509证书文件有几个常用的扩展名，但不幸的是这些扩展名也用了其他数据如私钥

.pem – (Privacy-enhanced Electronic Mail) Base64 encoded DER certificate, enclosed between “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–”
.cer, .crt, .der – usually in binary DER form, but Base64-encoded certificates are common too (see .pem above)
.p7b, .p7c – PKCS#7 SignedData structure without data, just certificate(s) or CRL(s)
.p12 – PKCS#12, may contain certificate(s) (public) and private keys (password protected)
.pfx – PFX, predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g., with PFX files generated in IIS)

PKCS#7 is a standard for signing or encrypting (officially called “enveloping”) data. Since the certificate is needed to verify signed data, it is possible to include them in the SignedData structure. A .P7C file is a degenerated SignedData structure, without any data to sign.[citation needed]

PKCS#12 evolved from the personal information exchange (PFX) standard and is used to exchange public and private objects in a single file.[citation needed]

X509证书示例

这里是一个wikipedia.org和几个其他Wikipedia网站使用的X.509证书解码后的示例。Issuer字段表明证书的颁发者为GlobalSign,Subject字段描述了Wikipedia是一个组织，SAN字段的DNS部分描述了可以使用的主机名称。Subject Public Key Info字段包含了一个ECDSA public key，而底部的签名则是由GlobalSign’s RSA private key生成的。

End-entity certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:04:54:08:f9:ff:10:92:e1:69:fe:49:8f:78:d3:6d:dc:47
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = R3
        Validity
            Not Before: Jul 15 08:01:49 2021 GMT
            Not After : Oct 13 08:01:48 2021 GMT
        Subject: CN = *.wikipedia.org
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:a5:9a:47:b2:d3:fc:a7:df:de:f6:cb:45:62:0a:
                    d3:c1:a7:38:de:20:bd:d7:10:7d:58:73:de:8d:a1:
                    99:70:0c:dd:ab:91:3f:0e:83:97:1b:4f:a2:99:f3:
                    f8:30:73:ef:da:be:91:25:18:7a:d6:da:bf:e5:e9:
                    72:a3:41:31:7a
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                08:0E:29:26:07:E9:B4:5B:63:2D:86:5D:F6:E2:5A:8C:CD:6A:D0:A7
            X509v3 Authority Key Identifier:
                keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

            Authority Information Access:
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/

            X509v3 Subject Alternative Name:
                DNS:*.m.mediawiki.org, DNS:*.m.wikibooks.org, DNS:*.m.wikidata.org, DNS:*.m.wikimedia.org, DNS:*.m.wikinews.org, DNS:*.m.wikipedia.org, DNS:*.m.wikiquote.org, DNS:*.m.wikisource.org, DNS:*.m.wikiversity.org, DNS:*.m.wikivoyage.org, DNS:*.m.wiktionary.org, DNS:*.mediawiki.org, DNS:*.planet.wikimedia.org, DNS:*.wikibooks.org, DNS:*.wikidata.org, DNS:*.wikimedia.org, DNS:*.wikimediafoundation.org, DNS:*.wikinews.org, DNS:*.wikipedia.org, DNS:*.wikiquote.org, DNS:*.wikisource.org, DNS:*.wikiversity.org, DNS:*.wikivoyage.org, DNS:*.wiktionary.org, DNS:*.wmfusercontent.org, DNS:mediawiki.org, DNS:w.wiki, DNS:wikibooks.org, DNS:wikidata.org, DNS:wikimedia.org, DNS:wikimediafoundation.org, DNS:wikinews.org, DNS:wikipedia.org, DNS:wikiquote.org, DNS:wikisource.org, DNS:wikiversity.org, DNS:wikivoyage.org, DNS:wiktionary.org, DNS:wmfusercontent.org
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : F6:5C:94:2F:D1:77:30:22:14:54:18:08:30:94:56:8E:
                                E3:4D:13:19:33:BF:DF:0C:2F:20:0B:CC:4E:F1:64:E3
                    Timestamp : Jul 15 09:01:49.274 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:88:0F:F3:F1:BC:A3:AD:B8:7B:FD:C2:
                                A6:6A:4B:7C:1F:35:18:7B:3F:18:F6:43:29:46:F6:C2:
                                DD:15:63:C1:5D:02:21:00:CF:E0:1F:3D:E7:4A:37:C6:
                                CD:E5:BC:CD:99:FE:9C:F1:F7:EA:04:2D:97:DA:C2:74:
                                A6:30:37:57:F0:32:82:73
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
                                15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
                    Timestamp : Jul 15 09:01:50.105 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:37:BC:8F:6A:BA:FA:AC:0B:3B:4C:3F:C8:
                                C2:AB:EA:3B:60:DE:A8:AB:44:72:E5:43:6A:E0:0A:24:
                                32:49:7F:30:02:20:11:AF:F7:67:43:81:07:C7:FB:B6:
                                89:55:0B:74:58:61:76:FB:62:FF:F4:C9:D0:C6:A7:43:
                                63:98:4C:F5:4C:7E
    Signature Algorithm: sha256WithRSAEncryption
         8e:f4:d1:85:9c:96:e8:63:d0:38:fd:7a:cc:d5:ad:b2:06:b4:
         4a:cf:3d:5a:b9:c2:28:3d:58:57:8a:55:42:ec:99:d3:ca:4f:
         ec:97:c0:10:73:77:43:5c:74:be:7e:2a:89:d8:fa:86:2f:8d:
         d3:57:99:67:3a:f6:28:6c:d1:26:29:ce:cf:7e:96:bd:34:0e:
         86:98:b3:0b:2e:28:dc:5b:46:77:32:a7:d9:b1:e6:de:e9:9a:
         2b:5d:03:f2:e0:07:12:03:d9:03:a8:ef:47:60:16:55:2a:32:
         53:c9:b3:4c:54:99:e0:98:d6:5f:1a:94:1c:6c:c5:e9:13:f7:
         08:c7:b6:b5:dd:d8:2b:b5:b7:2e:ba:cb:0b:2d:be:50:c6:85:
         0d:22:46:5e:e6:5f:b7:d4:86:45:d8:a4:bf:80:18:6e:46:96:
         d1:76:93:f5:40:e2:15:18:be:e0:cb:5f:cd:d0:4f:fa:ca:76:
         68:ba:94:c4:1d:1a:0e:3d:3b:ef:ed:1e:29:38:1d:22:bb:8b:
         96:71:55:b7:e4:8b:31:34:ec:63:09:e9:1c:d8:2f:f8:9a:b7:
         78:dc:33:c9:4e:84:85:03:0b:c5:52:af:9e:b0:6a:dc:fe:9e:
         89:2f:17:40:69:74:74:65:37:38:b4:28:23:01:01:81:19:23:
         23:cd:75:a0

为了沿着end-entity的证书，需要一个匹配Issuer和Authority Key Identifier中间证书：

Issuer	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
Authority Key Identifier	14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

在TLS连接的过程中，一个正确配置的服务器会提供中间证书作为握手的一部分。但也可以从end-entity证书中的”CA Issuers”URL中提取中间证书。

Intermediate certificate中间证书

这里是一个中间证书的示例，它签发了上面的end-entity证书，而自己是由后面的根证书签发的。需要指出的是中检证书的subject字段配置end-entity证书的issuer字段；同时中间证书的”subject key identifier”字段与end-entity证书的”authority key identifier”字段一致。

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:00:00:00:00:01:44:4e:f0:42:47
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
        Validity
            Not Before: Feb 20 10:00:00 2014 GMT
            Not After : Feb 20 10:00:00 2024 GMT
        Subject: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c7:0e:6c:3f:23:93:7f:cc:70:a5:9d:20:c3:0e:
                    ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Subject Key Identifier:
                96:DE:61:F1:BD:1C:16:29:53:1C:C0:CC:7D:3B:83:00:40:E6:1A:7C
            X509v3 Certificate Policies:
                Policy: X509v3 Any Policy
                  CPS: https://www.globalsign.com/repository/

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.globalsign.net/root.crl

            Authority Information Access:
                OCSP - URI:http://ocsp.globalsign.com/rootr1

            X509v3 Authority Key Identifier:
                keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B

    Signature Algorithm: sha256WithRSAEncryption
         46:2a:ee:5e:bd:ae:01:60:37:31:11:86:71:74:b6:46:49:c8:
         ...

根证书

自签的根证书代表CA。它的issuer字段与subject字段相同，其签名可以通过自己的公钥验证。信任链的验证到这里就结束了。如果验证程序在信任库中存在此根证书，则end-entity的证书可以被认为是可信的，能用于TLS链接，否则end-entity证书就是不可信的

Certificate:[15]
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:00:00:00:00:01:15:4b:5a:c3:94
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
        Validity
            Not Before: Sep  1 12:00:00 1998 GMT
            Not After : Jan 28 12:00:00 2028 GMT
        Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:da:0e:e6:99:8d:ce:a3:e3:4f:8a:7e:fb:f1:8b:
                    ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
    Signature Algorithm: sha1WithRSAEncryption
         d6:73:e7:7c:4f:76:d0:8d:bf:ec:ba:a2:be:34:c5:28:32:b5:
         ...

Reference

http://www.pkiglobe.org/subject_alt_name.html
https://en.wikipedia.org/wiki/X.509
https://en.wikipedia.org/wiki/Subject_Alternative_Name