On Tue, Nov 24, 1998, S.T. Wong wrote:
> I'm new to ssl. I'd like to know what to put in subject name of a certificate.
The Subject of a certificate is the _owner_ of the certificate, i.e. in the
context of an SSL webserver the DN which describes the server. The DN here is
usually something like
/C=XY /ST=Snake Desert /L=Snake Town
/O=Snake Oil, Ltd /OU=Webserver Team /CN=www.snakeoil.dom
where CN is the most important part: it's the FQDN of the webserver. But when
you use mod_ssl's "make certificate" procedure to generate your server
certificate you get reasonable sample/defaults. Just adapt these
sample/defaults to your local situation and you get a reasonable Subject DN.
> Some documents mention that it's the DN.
> Does this DN correspond to entry
> in my LDAP DIT ?
Yes, DN stands for Distinguished Name here, too. And it's really an X.509 DN
which is also used by LDAP (because LDAP is based on the X.500/X.509 scheme,
too). So the Subject DN of your server _can_ correspond to the DN in your LDAP
database when you have an entry for your server there. But it doesn't have to, of
course. Because SSL is independent of LDAP/X.500. It just uses certificates
which are based on the same X.509 standard.
> Can I have different DNs in LDAP and certificate?
> I apologize for any faq.
Sure. Apache+mod_ssl doesn't query your LDAP database...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
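
The sample Subject DN from the reply above, parsed and rewritten in LDAP string form (RFC 4514) so the two notations can be compared, with a check of the CN against the server's FQDN. This is an added example, not part of the original message or of mod_ssl; the function names are hypothetical and the parser assumes OpenSSL-style slash-separated input.

```python
import re

# Sample Subject DN quoted in the message, in OpenSSL's slash-separated form.
SAMPLE = ("/C=XY /ST=Snake Desert /L=Snake Town "
          "/O=Snake Oil, Ltd /OU=Webserver Team /CN=www.snakeoil.dom")

def parse_oneline(dn):
    """Split '/TYPE=value/TYPE=value' into ordered (type, value) pairs."""
    rdns = []
    # Split on '/' only where a new 'TYPE=' starts, so a '/' inside a value survives.
    for part in re.split(r"/(?=[A-Za-z][A-Za-z0-9.]*=)", dn):
        part = part.strip()
        if not part:
            continue
        attr, _, value = part.partition("=")
        rdns.append((attr.upper(), value.strip()))
    return rdns

def escape_rfc4514(value):
    """Escape the characters that are special in an LDAP DN string."""
    out = re.sub(r'([\\",+;<>])', r"\\\1", value)
    if value.startswith(("#", " ")):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out

def to_ldap_dn(rdns):
    """LDAP writes the most specific RDN first, the reverse of certificate order."""
    return ",".join(f"{a}={escape_rfc4514(v)}" for a, v in reversed(rdns))

def common_name(rdns):
    cns = [v for a, v in rdns if a == "CN"]
    return cns[-1] if cns else None

def cn_matches_host(rdns, host):
    """Case-insensitive exact match of CN against the server's FQDN.
    Note: current TLS clients match subjectAltName entries rather than CN."""
    cn = common_name(rdns)
    return cn is not None and cn.lower().rstrip(".") == host.lower().rstrip(".")

if __name__ == "__main__":
    rdns = parse_oneline(SAMPLE)
    print(to_ldap_dn(rdns))
    print(cn_matches_host(rdns, "www.snakeoil.dom"))
```

The comma in "Snake Oil, Ltd" has to be escaped in the LDAP form, which is the usual reason a DN copied by hand from a certificate fails to match a directory entry.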