On Fri, 28 Apr 2000, Pablo Manalastas wrote:
> In order to make a self-signed certificate for my web server
> I need to do a 'make certificate TYPE=custom'. I tried to play
> with the many different variations of responses to
> O, OU, and CN for both CA and Subject, and some combinations
> work and others do not. If the combination does not work,
> the browser says the certificate is invalid. I found that the
> following works:
>
> CA certificate:
>
> O (organization) = host.com
> OU (organization unit) = SomeName CA
> CN (common name) = SomeName CA
> Email = [EMAIL PROTECTED]
>
> Subject (server) certificate:
>
> O (organization) = host.com (must be same as above)
> OU (organization unit) = SomeName Web
> CN (common name) = SomeName Web
> Email = [EMAIL PROTECTED]
>
> Exactly what are the rules for assigning these names so that
> the result is a valid certificate? What other combination of
> names are valid?
>
> Thanks.
'O' could be any organizational name for both CA and server.
The only thing to note is the CN for the server, which should
be the same as the host in the URI, or else a warning would show
up.
-
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
