amazon-archives / certlint

X.509 certificate linter
Apache License 2.0

is a subject commonName required for CA certificates? #14

Closed mozkeeler closed 8 years ago

mozkeeler commented 8 years ago

Sections 7.1.2.1 and 7.1.2.2 of the BRs (v1.3.2) only mention that countryName and organizationName are required - am I missing something?

(See https://github.com/awslabs/certlint/blob/03521349a453a60072209d576c7539c6d6d43cf7/lib/certlint/cablint.rb#L133 )

pzb commented 8 years ago

I think that this is left from the old screwy definition of issuer name contents in the BRs from pre-1.2.4. The Microsoft root program requires Root CAs to have commonName but I don't see anything on non-root CA certificates.

mozkeeler commented 8 years ago

OK - thanks. For the Mozilla tool that uses certlint for new CA applicants, I'm thinking of making this error informational, since it doesn't apply to inclusion into our program.
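The severity split discussed in this thread, as an added example that is not part of the thread and is not certlint's own code: countryName and organizationName are errors when missing from a CA subject, while a missing commonName is an error only for a root under a profile that demands it and informational otherwise. The method name, the `cn_required_for_roots` flag and the sample names are assumptions made for illustration.

```ruby
require 'openssl'

# Attributes the thread reads BR v1.3.2 sections 7.1.2.1 / 7.1.2.2 as requiring.
REQUIRED_BY_BR = %w[C O].freeze

# Hypothetical helper: returns [severity, message] pairs for a CA subject name.
# cn_required_for_roots models a root program that, per the thread, wants
# commonName on Root CAs; it never affects non-root CA certificates.
def lint_ca_subject(name, root:, cn_required_for_roots: false)
  # Name#to_a yields [short_name, value, asn1_type] triples.
  # Treat an attribute with an empty value as absent.
  present = name.to_a.reject { |_attr, value, _type| value.to_s.strip.empty? }
                .map { |attr, _value, _type| attr }

  findings = REQUIRED_BY_BR.reject { |attr| present.include?(attr) }
                           .map { |attr| [:error, "CA subject is missing #{attr}"] }

  unless present.include?('CN')
    severity = root && cn_required_for_roots ? :error : :info
    findings << [severity, 'CA subject is missing CN']
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample subjects, not taken from any real certificate.
  samples = {
    'intermediate without CN' => ['/C=US/O=Example Trust', false],
    'root without CN'         => ['/C=US/O=Example Trust', true],
    'intermediate without C'  => ['/O=Example Trust/CN=Example Issuing CA', false]
  }
  samples.each do |label, (dn, is_root)|
    name = OpenSSL::X509::Name.parse(dn)
    findings = lint_ca_subject(name, root: is_root, cn_required_for_roots: true)
    puts "#{label}: #{findings.inspect}"
  end
end
```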