Before Debian, what Linux distribution you were using ?
Red Hat / Fedora Mandrake Suse Slackware Gentoo LFS Always been with Debian Other ( 45 votes ~ 5 comments )
You are not currently logged in. If you do not have a user account then please consider creating one and logging in before you post your comment. This will allow you to track replies to your comment, and take part in the site much more freely.
To add your comment, fill in all the boxes below and then preview it to make sure you're happy with the way that it looks.
This is the comment you were replying to, attached to the article Creating and Using a self signed SSL Certificates in debian:
#5 Re: Creating and Using a self signed SSL Certificates in debian Posted by Arto (213.250.xx.xx) on Fri 4 Nov 2005 at 16:51 Thanks for article, that came in handy as I'm just finishing setting up a new Debian server and will need to create the SSL certificates next. It's amazing, though, how difficult providing an encrypted data channel has been made; no doubt the problem lies in the fact that certificates try to go beyond just encryption, and provide some unrealistic measure of "trust" as well. Well, it's a good business to some, that's for sure. It's been a while since I played around with these things, so just one question: The Common Name must be (or the IP address must resolve to) the server name your clients use to contact your host. If this does not match, every time they connect your clients will get a message asking them if they want to use this server. Does this mean that if I create a CSR bound to an IP address instead of a host name, the clients won't get any complaints regardless of the host name (smtp.sample.com, mail.sample.com, or so forth) they use to access the server, as long as the host names resolve to the same IP?
Thanks for article, that came in handy as I'm just finishing setting up a new Debian server and will need to create the SSL certificates next.
It's amazing, though, how difficult providing an encrypted data channel has been made; no doubt the problem lies in the fact that certificates try to go beyond just encryption, and provide some unrealistic measure of "trust" as well. Well, it's a good business to some, that's for sure.
It's been a while since I played around with these things, so just one question:
The Common Name must be (or the IP address must resolve to) the server name your clients use to contact your host. If this does not match, every time they connect your clients will get a message asking them if they want to use this server.
Does this mean that if I create a CSR bound to an IP address instead of a host name, the clients won't get any complaints regardless of the host name (smtp.sample.com, mail.sample.com, or so forth) they use to access the server, as long as the host names resolve to the same IP?
Posting Format:
Inappropriate comments will be removed.
Some help on entry formatting is available
Username:
Password:
[ Advanced Login ]
Register Account
