I'm SSL-enabling an Apache server. I'm having confusion over the "common name" field to use in creating the Certificate Signing Request, using openSSL. My Apache server is running on a host with a host name something like "myserver.mydomain.com". But an alias DNS name is defined for accessing the web site, something like "othername.alternatedomain.com", so users will be accessing the site using https://othername.alternatedomain.com/... My question is whether the common name field used for creating CSR should use the host name, myserver.mydomain.com, or the DNS name used for accessing the web site, othername.alternatedomain.com . Thanks
Common name field is used to generate the CSR key on which you want SSL like if you want SSL on domian.com (https://domain.com) then enter domain.com in common name. If you want to install SSL on sub domain enter subdomainname.domain.com Kailash
The CN of your certificate should match what your users will enter into their browsers. The browser checks the CN of the certificate against the FQDN of the URL... ie: certificate CN = www.google.com address = https://www.google.com MATCHES. If you tried https://google.com, you'll get an error as 'google.com' and 'www.google.com' aren't the same. You can always use things like http://csrdecoder.com/ to check your CSR before you send it to the CA for signing.