There's no *requirement* in X.509 to have the host name in the CN. As a matter of fact, there are X.509v3 extensions that are better suited for this purpose.
Closing ticket. On Wed Aug 31 07:03:17 2011, dtauerb...@gmail.com wrote: > Hi, > > This is just a minor thing that always bugs me whenever I install openssl; > by default the openssl configuration file (/etc/ssl/openssl.cnf) has the > following line: > > "commonName = Common Name (eg, YOUR name)" > > Sometimes when I'm installing a certificate I accidentally forget to write > my host name given this prompt (as I just did a few minutes ago). I'd > suggest > > "commonName = Common Name (your host name)" > > since the X.509 format of course requires the CN to be the host. I suspect > this default configuration file is being copied from apps/openssl.cnf, > though I confess this is just based on a diff without looking too closely. > This is of course very minor, but an easy change so I hope you'll consider > it to save lots of future idiots like me 30 seconds. > > (I am running Ubuntu 10.04 (old!) at the moment, and peeked at the source > code from the openssl-fips-1.2.3.tar.gz tarball.) > > Thanks, > Dan -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2590 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
