[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: certificate server

Quoting Jeff (debian0309@aquabolt.com):

> The use of Client is confusing - you actually appear to be generating
> what I would call a self-signed server certificate for installation on
> one specific webserver. This is for authenticating this signel Server
> to clients that browse your website using HTTPS.

That happens to explicitly _be_ the entire context of the article.  I
have a difficult time believing that anyone could be confused by it:
The reader would basically have to be ignoring important parts of the text.

> All sounds good for a single self-signed server certificate, but you
> would not want to do this if you have 10s of web servers.

Indeed.

> We use our CA - ie Certificate Authority to sign the web server keys,
> as we have lots of web servers. 

However, my document is about self-signing.  Thus the filename, which
you may not have noticed.

> * Important that during CSR the Common Name match the web server name
> that browsers will use.

Indeed.  I've been intending to revise my article to insert mention of
that fact.  Thanks for the reminder.

-- 
Cheers,                             * Contributing Editor, Linux Gazette *
Rick Moen                       -*- See the Linux Gazette in its new home: -*-
rick@linuxmafia.com                       <http://linuxgazette.net/>
Reply to: