[TriLUG] any OpenSSL/cert experts out there?

Mauricio Tavares via TriLUG trilug at trilug.org
Thu May 21 13:55:49 EDT 2015


On Thu, May 21, 2015 at 1:42 PM, Greg Brown via TriLUG
<trilug at trilug.org> wrote:
> I have a question related to SSL running on a Linux host.  I created a .csr
> file that I sent off to have signed.  One of the fields in the csr is "CN"
> which, to the best of my understanding, should be the FQDN of the host on
> which the cert will live.
>
> If I check the csr this is what I get (with data scrubbed a bit):
>
> openssl req -text -noout -verify -in my.csr
>
> ...
> Subject: C=US, ST=North Carolina, L=DURHAM, O=MYORG, OU=MYOU, CN=MY.FULLY.QUALIFIED.HOSTNAME.EDU
> ...
>
> However if I check the resulting .cer
>
> openssl x509 -in my.fullyqualified.hostname.edu.cer -text -noout | grep CN
>
> the CN line reads:
> ...
>         Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
>         Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
>                 DirName:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
>
> ...
>
> That's not right, is it?
>
> Any thoughts, pointers, etc greatly appreciated.  As you probably can tell
> I've never installed a signed cert before.
>
I usually create mine like this:

# Generate a new unencrypted 2048-bit RSA key (-keyout) and a CSR for $FQDN
openssl req \
 -new -newkey rsa:2048 -nodes \
 -out "${FQDN}.csr" \
 -subj "/C=US/ST=NC/L=Raleigh/O=EvilCorp, Inc./OU=IT/CN=$FQDN" \
 -keyout "${FQDN}.key"



> Greg


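One way to confirm that a file returned by the CA is the certificate for the CSR that was submitted, added here as an example and not part of the original thread: compare the public key and CN of the certificate with those of the CSR. The function names, the `Example Org` subject fields and the PEM input format are assumptions.

```shell
#!/bin/sh
# Added example: function names and subject fields are constructed placeholders.
# Assumes PEM-encoded files; for a DER-encoded certificate add "-inform DER"
# to the x509 calls.

# Create an unencrypted 2048-bit RSA key and a CSR whose CN is the host's FQDN.
make_csr() {  # usage: make_csr FQDN OUTDIR
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$2/$1.key" -out "$2/$1.csr" \
        -subj "/C=US/ST=NC/L=Raleigh/O=Example Org/OU=IT/CN=$1" 2>/dev/null
    chmod 600 "$2/$1.key"   # the private key must stay readable by its owner only
}

# Print the subject CN. RFC2253 output lists the most specific RDN first,
# which is the CN for a subject built as above.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *CN=\([^,]*\).*/\1/p'
}
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *CN=\([^,]*\).*/\1/p'
}

# Succeed only if the certificate carries the CSR's public key and CN.
# Note: openssl x509 reads only the first certificate in a PEM file.
cert_matches_csr() {  # usage: cert_matches_csr CERT CSR
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    csr_pub=$(openssl req -in "$2" -noout -pubkey) || return 2
    [ "$cert_pub" = "$csr_pub" ] && [ "$(cert_cn "$1")" = "$(csr_cn "$2")" ]
}
```

A non-zero result from `cert_matches_csr` means the file inspected is not the certificate issued for that CSR, for example because it holds a different certificate or a different key pair.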