I’m trying to find-out how important the “ID type” for a SSL certificate is. I’m trying to generate a cert from my firewall to upload to a CA, but having trouble deciding if I should choose an IP, a domain name, or email for the ID Type (subject information).
Any insight to choosing which one would help (particularly if there is a best practice for VPN SSL certificates).
Most likely you’ll want to use a Domain Name as the subject – but it depends what exactly you’re wanting to encrypt using this certificate.
The most common case is access to an SSL port from the internet, for something like SSL-based VPN or an encypting reverse proxy; for that, you’ll want the use a Domain Name subject type, and for the data in the subject field you’ll want to use the DNS name that clients will be using to access the server – for the VPN use case, that might be something like
Let us know what the certificate’s going to be for, and we can be more specific.
Leave a comment
- Windows File Permissions and Attributes
- What is the easiest way to upgrade my existing Perl 5.14 to Perl 5.16 on FreeBSD 9 using the ports system?
- Know if mysql has done its job
- Redirect https .com to https .co.uk without a valid SSL cert on .com without DNS change
- Why is it a bad idea to use customer email as from address