[1] RFC 6125 - Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS) ( 版) <https://tools.ietf.org/html/rfc6125#section-1.8>
source domain: The fully qualified DNS domain name that a client
expects an application service to present in the certificate
(e.g., "www.example.com"), typically input by a human user,
configured into a client, or provided by reference such as in a
hyperlink. The combination of a source domain and, optionally, an
application service type enables a client to construct one or more
reference identifiers.