> > This 'Common Name' can be anything, openssl even says (eg, YOUR name).
> > Requests don't depend on hostnames since you may be moving the cert
> > from one machine to another. Openssl does generate proper requests.
> > Well apache/whatever accepts the certs anyways..
>> Its asks for the common name alright. Thats not the problem. It is
> _meant_ to also ask for "Server Host Name:", which the CA then uses
> when you paste the cert into their site. The printed example in the
> manual even shows it in a screen shot with this all the other questions.
> Without this, when you submit the cert, VeriSign and Thawte report a bad
> host name, and reject the certificate!
I can't try it now because I upgraded openssl from an RPM recently and just
found out that it's a little screwed up. AFAICR though - and I've only done
it successfully once, so I'm hardly an authority - it didn't ask for a
hostname, just a Common Name. Sean is right, the Common Name can be
anything, but I was under the impression that that's the name that appears
on the cert -- so if you put your name in there, and use it as a secure
server cert, it'll pop up an error saying that the name on the cert doesn't
match the hostname.
From the mod_ssl FAQ:
Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server
when OpenSSL prompts you for the "CommonName", i.e. when you generate a CSR
for a website which will be later accessed via https://www.foo.dom/, enter
I was in the same position myself the last time - the docs are misleading
and the OpenSSL docs are useful only to someone "up" on cryptography from
the off, but hey, secure.iewebs.com is working now huh? :) Like I said
though, I'm probably not the best qualified to answer, I'm just commenting
from my - limited - experience.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!