SSL Certificate creation – Which ID type to choose?
I’m trying to find-out how important the “ID type” for a SSL certificate is. I’m trying to generate a cert from my firewall to upload to a CA, but having trouble deciding if I should choose an IP, a domain name, or email for the ID Type (subject information).
Any insight to choosing which one would help (particularly if there is a best practice for VPN SSL certificates).
Most likely you’ll want to use a Domain Name as the subject – but it depends what exactly you’re wanting to encrypt using this certificate.
The most common case is access to an SSL port from the internet, for something like SSL-based VPN or an encypting reverse proxy; for that, you’ll want the use a Domain Name subject type, and for the data in the subject field you’ll want to use the DNS name that clients will be using to access the server – for the VPN use case, that might be something like vpn.example.com.
Let us know what the certificate’s going to be for, and we can be more specific.
Check more discussion of this question.
Related posts:
Leave a comment
Recent Posts
- Windows File Permissions and Attributes
- What is the easiest way to upgrade my existing Perl 5.14 to Perl 5.16 on FreeBSD 9 using the ports system?
- Know if mysql has done its job
- Redirect https .com to https .co.uk without a valid SSL cert on .com without DNS change
- Why is it a bad idea to use customer email as from address