[TriLUG] any OpenSSL/cert experts out there?

Greg Brown via TriLUG trilug at trilug.org
Thu May 21 13:58:39 EDT 2015


That's roughly how I built my .csr.  Can you check a .csr that has been
used to generate a signed cert and see if the CN fields match in both?  I
am very curious.

On Thu, May 21, 2015 at 1:55 PM, Mauricio Tavares <raubvogel at gmail.com> wrote:

> On Thu, May 21, 2015 at 1:42 PM, Greg Brown via TriLUG
> <trilug at trilug.org> wrote:
> > I have a question related to SSL running on a Linux host.  I created a .csr
> > file that I sent off to have signed.  One of the fields in the csr is "CN"
> > which, to the best of my understanding, should be the FQDN of the host on
> > which the cert will live.
> >
> > If I check the csr this is what I get (with data scrubbed a bit):
> >
> > openssl req -text -noout -verify -in my.csr
> >
> > ...
> > Subject: C=US, ST=North Carolina, L=DURHAM, O=MYORG, OU=MYOU, CN=MY.FULLY.QUALIFIED.HOSTNAME.EDU
> > ...
> >
> > However if I check the resulting .cer
> >
> > openssl x509 -in my.fullyqualified.hostname.edu.cer -text -noout | grep CN
> >
> > the CN line reads:
> > ...
> >         Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
> >         Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
> >                 DirName:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
> >
> > ...
> >
> > That's not right, is it?
> >
> > Any thoughts, pointers, etc. greatly appreciated.  As you probably can tell
> > I've never installed a signed cert before.
> >
>       I usually create mine like this
>
> openssl req \
>  -new -newkey rsa:2048 -nodes \
>  -out ${FQDN}.csr \
>  -subj "/C=US/ST=NC/L=Raleigh/O=EvilCorp, Inc./OU=IT/CN=$FQDN" \
>  -key ${FQDN}.key
>
>
>
> > Greg
>
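
The check asked about in this thread, as an added example that is not part of the original messages: it compares the public key in a CSR with the one in a certificate file and flags a file whose Issuer equals its Subject (a self-signed root, as in the AddTrust output quoted above). It assumes the `openssl` CLI is on the PATH; the host name, CA name and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread). Host, CA and file names are constructed.

# SHA-256 of the public key in a CSR ($1=req) or a certificate ($1=x509).
pubkey_hash() {
    openssl "$1" -in "$2" -noout -pubkey | openssl sha256 | awk '{print $NF}'
}

# One DN of a certificate: $1 = subject|issuer, $2 = certificate file.
cert_dn() {
    openssl x509 -in "$2" -noout "-$1" | sed "s/^$1= *//"
}

# classify_cert CSR CERT -> match | self-signed-ca | mismatch | unreadable
classify_cert() {
    # Refuse to compare files that do not parse (two empty hashes would "match").
    openssl req -in "$1" -noout 2>/dev/null &&
        openssl x509 -in "$2" -noout 2>/dev/null ||
        { echo unreadable; return 1; }
    if [ "$(pubkey_hash req "$1")" = "$(pubkey_hash x509 "$2")" ]; then
        echo match            # certificate carries the CSR's public key
    elif [ "$(cert_dn issuer "$2")" = "$(cert_dn subject "$2")" ]; then
        echo self-signed-ca   # Issuer == Subject: a root cert, not a host cert
    else
        echo mismatch         # issued for some other key
    fi
}

# Build constructed test data in directory $1: demo root, host CSR, host cert.
make_demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Demo CA/CN=Demo Root" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/C=US/O=MYORG/CN=host.example.edu" \
        -keyout "$1/host.key" -out "$1/host.csr" 2>/dev/null
    openssl x509 -req -in "$1/host.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/host.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo "$demo"
echo "host.pem: $(classify_cert "$demo/host.csr" "$demo/host.pem")"
echo "ca.pem:   $(classify_cert "$demo/host.csr" "$demo/ca.pem")"
rm -rf "$demo"
```

The comparison is on the public key rather than the Subject text because a CA may rewrite Subject fields when it issues the certificate, while the key is carried over unchanged.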
