Scan does not complain about a missing subject
gerritgriebel opened this issue · comments
Our Let's Encrypt certificate was lacking a subject and the scan did not complain about it:
The browser did not complain either. But a customer with Windows 10 Kaspersky firewall enabled told us that our website was rated insecure, and adding a subject helped. You may want to add a warning for an empty subject.
I am not related to SSLlabs but allow me to chime in....
Kaspersky is not by any means a gold standard here. There are such things as internet standards (RFCs). I suppose you can read German: https://www.heise.de/hintergrund/Chrome-blockt-ab-sofort-Zertifikate-mit-Common-Name-3717594.html. Also, if your CSR was messed up, I suppose LE wouldn't have signed it.
TL;DR: In 2000 it was labeled as deprecated (https://datatracker.ietf.org/doc/html/rfc2818#section-3.1). Why don't you file a complaint at Kaspersky and ask which decade their assessment was based on?
Thanks a lot for your helpful answer, and yes, I can read German :) We don't use Kaspersky, but customers of our customers do, and one of them complained. We can't change Kaspersky, but we were able to fix it for our customer's customer by adding the Subject and CN. SSL labs may just close this issue or decide on some help or warnings.
As explained and shared by @drwetter, Subject and CN are no longer checked by major browsers/clients, hence we do not give any warning or error on it.
From SSLLabs, we will not be showing anything for it as it is deprecated as per the RFC. Hence closing the issue.
Regards,
Nauman Shah