FQDN

A fully qualified domain name (FQDN) is the complete domain name for a specific computer, or host, on the internet. For an X.509 certificate, FQDN validation checks the common name (CN) field of the certificate's subject distinguished name and the subjectAltName extension of type dNSName (SAN:dNSName). AsyncOS validates the domain names in the certificate's CN and SAN:dNSName fields. The SAN:dNSName names are preferred. Examples of valid FQDNs include example.com and *.example.com.

The criteria for FQDN compliance include:

  • If either the CN or the SAN:dNSName is present in the certificate, AsyncOS mandates that it be FQDN compliant.

  • If both the CN and SAN:dNSName are present in the certificate, AsyncOS mandates that both be FQDN compliant.

The variants include:

When you add or import the appliance certificate, Cisco Secure Email and Web Manager performs FQDN validation on the certificate if FQDN validation is enabled. It also performs FQDN validation during peer certificate validation of the server. All detailed logging is tracked in the Cisco Secure Email and Web Manager system.current or gui.current log files. However, Cisco Secure Email and Web Manager does not let you import a certificate that does not have a common name (CN) and has an alternate subject name without a critical extension.
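The compliance criteria and the import restriction described above can be expressed as a pre-import check. This is an added example, not AsyncOS code: `is_fqdn`, `check_certificate` and the FQDN syntax rule (LDH labels, at least two labels, `*` only as the whole leftmost label) are assumptions, and the certificate fields are taken as already extracted.

```python
import re

# Assumed FQDN syntax, not AsyncOS's own rule set: letter/digit/hyphen
# labels of 1-63 characters that do not start or end with a hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_fqdn(name):
    """True for names shaped like example.com or *.example.com."""
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    if labels[0] == "*":              # wildcard only as the leftmost label
        labels = labels[1:]
    if len(labels) < 2:               # bare host names and "*.com" fail
        return False
    if labels[-1].isdigit():          # rejects dotted IPv4 literals
        return False
    return all(_LABEL.fullmatch(label) for label in labels)


def check_certificate(cn, san_dns, san_critical=False):
    """Apply the criteria above; returns (accepted, reason).

    cn: subject CN string or None. san_dns: list of SAN:dNSName strings.
    san_critical: whether the subjectAltName extension is marked critical.
    """
    if cn is None and not san_dns:
        return False, "neither CN nor SAN:dNSName present"
    if cn is None and not san_critical:
        return False, "no CN and SAN extension not marked critical"
    names = ([cn] if cn is not None else []) + list(san_dns)
    bad = [n for n in names if not is_fqdn(n)]
    if bad:                           # every name that is present must pass
        return False, "not FQDN compliant: " + ", ".join(bad)
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample certificates: (CN, SAN:dNSName list, SAN critical)
    samples = [
        ("mail.example.com", ["mail.example.com", "*.example.com"], False),
        ("Example Mail Server", ["mail.example.com"], False),
        (None, ["mail.example.com"], False),
        (None, ["mail.example.com"], True),
    ]
    for cn, san, crit in samples:
        print(cn, san, crit, "->", check_certificate(cn, san, crit))
```

A display-style CN such as "Example Mail Server" fails the check even when the SAN entries are valid, because both fields must be compliant when both are present.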