LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Openssl with RH6.2 Secure Server

[ILUG] Openssl with RH6.2 Secure Server

adam beecher adam at iewebs.com
Mon Apr 24 23:25:00 IST 2000 

> >   This 'Common Name' can be anything, openssl even says (eg, YOUR name).
> >   Requests don't depend on hostnames since you may be moving the cert
> >   from one machine to another.  Openssl does generate proper requests.
> >   Well apache/whatever accepts the certs anyways..
>
> Its asks for the common name alright. Thats not the problem. It is
> _meant_ to also ask for "Server Host Name[]:", which the CA then uses
> when you paste the cert into their site. The printed example in the
> manual even shows it in a screen shot with this all the other questions.
> Without this, when you submit the cert, VeriSign and Thawte report a bad
> host name, and reject the certificate!
>

I can't try it now because I upgraded openssl from an RPM recently and just
found out that it's a little screwed up. AFAICR though - and I've only done
it successfully once, so I'm hardly an authority - it didn't ask for a
hostname, just a Common Name. Sean is right, the Common Name can be
anything, but I was under the impression that that's the name that appears
on the cert -- so if you put your name in there, and use it as a secure
server cert, it'll pop up an error saying that the name on the cert doesn't
match the hostname.

 From the mod_ssl FAQ:

http://www.modssl.org/docs/2.6/ssl_faq.html#ToC28

<QUOTE>
Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server
when OpenSSL prompts you for the "CommonName", i.e. when you generate a CSR
for a website which will be later accessed via https://www.foo.dom/, enter
"www.foo.dom" here.
</QUOTE>

I was in the same position myself the last time - the docs are misleading
and the OpenSSL docs are useful only to someone "up" on cryptography from
the off, but hey, secure.iewebs.com is working now huh? :) Like I said
though, I'm probably not the best qualified to answer, I'm just commenting
from my - limited - experience.

adam

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell