FQDN not part of a certificate?
Volker Wysk
post at volker-wysk.de
Tue Aug 23 19:04:56 UTC 2022
Hi
I've created a new self-signed certificate for my box with this command:
openssl req -newkey rsa:4096 -x509 -sha512 -days 3650 \
-nodes -out NAME.crt -keyout NAME.key
I found the instructions here:
https://linuxconfig.org/how-to-generate-a-self-signed-ssl-certificate-on-linux
It puzzles me that the FQDN isn't queried. Only the "common name" is
queried, and this can, but doesn't need to be, the domain name of the
machine, which the certificate is for.
It really isn't in there. When I read out the certificate with "openssl x509
-noout -in NAME.crt -text", it doesn't show the domain name (just the "CN",
"common name").
In my understanding, the domain is a vital part of a certificate. Am I
wrong?
I've installed my new certificate and the new private key in
/etc/apache2/ssl. When I accessed my web server afterwards, I got a warning
from Firefox, saying that the certificate doesn't match the server name
(which was localhost).
You can export certificates from Firefox, which has a column "Server", but
when you inspect it, there isn't any domain name in it - only the "common
name".
Bye
Volker
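The following is an added example, not part of the original post: it creates one certificate with the options from the command above and one that additionally carries a subjectAltName extension (the X.509 field that holds DNS names), then checks both against "localhost". Assumptions: OpenSSL 1.1.1 or later (for -addext), the constructed names "My Box" and box.example.test, and rsa:2048 instead of rsa:4096 only to keep key generation quick.

```shell
#!/bin/sh
# Added example; all names and hostnames below are constructed.

# make_cert DIR NAME CN [SAN]
# Self-signed certificate with the options used in the post, plus an
# optional subjectAltName. -subj replaces the interactive prompts.
make_cert() {
    dir=$1 name=$2 cn=$3 san=${4:-}
    set -- req -newkey rsa:2048 -x509 -sha512 -days 3650 -nodes \
        -subj "/CN=$cn" -out "$dir/$name.crt" -keyout "$dir/$name.key"
    if [ -n "$san" ]; then
        set -- "$@" -addext "subjectAltName=$san"
    fi
    openssl "$@" 2>/dev/null
}

# san_of CRT: print the subjectAltName value, or nothing if absent.
san_of() {
    openssl x509 -noout -text -in "$1" |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# cert_matches CRT HOST: succeed if OpenSSL's hostname check accepts HOST.
cert_matches() {
    openssl x509 -noout -in "$1" -checkhost "$2" |
        grep -q 'does match certificate'
}

demo() {
    d=$(mktemp -d)
    make_cert "$d" cn-only  "My Box"
    make_cert "$d" with-san "My Box" "DNS:box.example.test,DNS:localhost"
    for c in cn-only with-san; do
        if cert_matches "$d/$c.crt" localhost; then r=match; else r="no match"; fi
        echo "$c: SAN=[$(san_of "$d/$c.crt")] localhost -> $r"
    done
    rm -rf "$d"
}
demo
```
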