subject alternative name

The subject alternative name (SAN) extension in X.509 certificates allows additional identities to be bound to a certificate beyond the common name. On Windows 7, a known issue causes name constraint validation to fail when a URN is specified in the subject alternative name. This can lead to certificate validation errors in environments that rely on name constraints for security. The problem is addressed by Microsoft in knowledge base article 2797120, which provides a hotfix for affected systems. Administrators managing certificate services or public key infrastructure on Windows should be aware of this limitation and apply the update to ensure proper validation of certificates containing URN-based subject alternative names.