[TriLUG] any OpenSSL/cert experts out there?
Greg Brown via TriLUG
trilug at trilug.org
Thu May 21 13:42:51 EDT 2015
I have a question related to SSL running on a Linux host. I created a .csr
file that I sent off to have signed. One of the fields in the csr is "CN"
which, to the best of my understanding, should be the FQDN of the host on
which the cert will live.
If I check the csr this is what I get (with data scrubbed a bit):
openssl req -text -noout -verify -in my.csr
...
Subject: C=US, ST=North Carolina, L=DURHAM, O=MYORG, OU=MYOU, CN=
MY.FULLY.QUALIFIED.HOSTNAME.EDU
...
However if I check the resulting .cer
openssl x509 -in my.fullyqualified.hostname.edu.cer -text -noout | grep CN
the CN line reads:
...
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network,
CN=AddTrust External CA Root
Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network,
CN=AddTrust External CA Root
DirName:/C=SE/O=AddTrust AB/OU=AddTrust External TTP
Network/CN=AddTrust External CA Root
...
That's not right, is it?
Any thoughts, pointers, etc greatly appreciated. As you probably can tell
I've never installed a signed cert before.
Greg
More information about the TriLUG
mailing list