5Eyl
Is missing SAN in certificate a security issue?
I am running testssl scan on an http port, after running the scan I got some errors highlighted in red. The main one that I noticed is that certificate does not have SAN.
testlssl output: subjectAltName (SAN) missing (NOT ok) -- Browsers are complaining Trust (hostname) certificate does not match supplied URI (same w/o SNI)
I tried to read the certificate and indeed it does not have SAN, but it has CN name. Is this considered as a security risk ?
