In section 7.1 the allowed contents of the DN of several certificate profiles are documented.
For example, for the root CA certificate it says the following:
C=US, O=Internet Security Research Group or O=ISRG, and a meaningful CN
Here C=US means that the C/countryName field has the text value US.
For the subscriber certificate it says the following:
CN=none, or one of the values from the Subject Alternative Name extension
Here CN=none is not used to mean that the CN/commonName field contains the text value none, rather it's trying to communicate that the field may be entirely omitted.
I think it would be an improvement to reword this to not use the field=value format, but instead something like:
CN may be omitted or contains one of the values from the Subject Alternative Name extension
In section 7.1 the allowed contents of the DN of several certificate profiles are documented.
For example, for the root CA certificate it says the following:
Here C=US means that the C/countryName field has the text value
US.For the subscriber certificate it says the following:
Here CN=none is not used to mean that the CN/commonName field contains the text value
none, rather it's trying to communicate that the field may be entirely omitted.I think it would be an improvement to reword this to not use the
field=valueformat, but instead something like: