RFC 6125 is a RFC
describing: Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure
Using X.509 (PKIX
in the Context of Transport Layer Security
We refer you to the full text.
There might be more information for this subject on one of the following: