[cabfpub] .well-known and re-directs

Jeremy Rowley jeremy.rowley at digicert.com
Tue Jul 18 11:35:30 MST 2017


We recently encountered a reoccurring scenario while using .well-known to
validate a certificate. The customer is trying to validate basedomain.com
using http://basedomain.com/.well-known/pki-validation/[page
<http://basedomain.com/.well-known/pki-validation/%5bpage> ]. However, the
server redirects this to
https://www.basedomain.com/.well-known.pki-valdiation/[page
<https://www.basedomain.com/.well-known.pki-valdiation/%5bpage> ]  Because
basedomain.com cannot be used to verify www.basedomain.com
<http://www.basedomain.com> , the validation fails.  Is this the correct
result? Or is a returned random value through a re-direct sufficient to
verify the base domain? 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170718/d58465ad/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170718/d58465ad/attachment.p7s>


More information about the Public mailing list