httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pete Houston <...@openstrike.co.uk>
Subject Re: [users@httpd] https
Date Fri, 04 Apr 2014 12:37:44 GMT
From the openssl documentation at http://www.openssl.org/docs/apps/req.html
is this list of example field values:

 [ req_distinguished_name ]
 C                      = GB
 ST                     = Test State or Province
 L                      = Test Locality
 O                      = Organization Name
 OU                     = Organizational Unit Name
 CN                     = Common Name
 emailAddress           = test@email.address

Note that this is a copy of the req man page which you referred to
says. In the case of a server certificate, the Common Name is the FQDN
of the server, eg: www.example.com. The "company name" which you refer
to below] should always go in the O field.

There's also some really good documentation on the apache site at
http://httpd.apache.org/docs/2.4/ssl/ssl_intro.html which I would
recommend going through if all this is new to you.

HTH,

Pete

On Fri, Apr 04, 2014 at 06:47:47PM +0700, Andy Canfield wrote:
> Well, "a while" turned out to be one day. Stuck again.
> 
> I found a web page that had some info on it, It shows a command (openssl
> req) to create a privately signed SSL key. Unfortunately, it doesn't
> explain that command, but 'man req 1' has more information such as what
> '-x509' does for me (this has got to be one of the greatest parameter
> keywords of all time). However, the example include this on the openssl
> command line:
> 
>     -subj /O=VirtualH/OU=Virtual/CN=127.0.0.1
> 
> The man req 1 page says this consists of a subject line with sub-options
> /O as "VirtualH", /OH as "Virtual", and "CN" as "127.0.0.1", and no
> blanks. But I can find nothing, NOTHING, that explain what the
> suboptions of the -subj parameter are. What is O? What is OU? What is
> CN? Is 'VirtualH' a name for the virtual host? Where is that documented,
> does anyone know?
> 
> I'd like to get the company name into that certificate somewhere, but
> don't yet see how.
> 
> Thank you.

-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107

Mime
View raw message