[openssl-dev] [openssl.org #2590] change commonName entry for default openssl config file
Richard Levitte via RT
rt at openssl.org
Mon May 16 14:02:41 UTC 2016
There's no *requirement* in X.509 to have the host name in the CN. As a matter
of fact, there are X.509v3 extensions that are better suited for this purpose.
Closing ticket.
On Wed Aug 31 07:03:17 2011, dtauerbach at gmail.com wrote:
> Hi,
>
> This is just a minor thing that always bugs me whenever I install openssl;
> by default the openssl configuration file (/etc/ssl/openssl.cnf) has the
> following line:
>
> "commonName = Common Name (eg, YOUR name)"
>
> Sometimes when I'm installing a certificate I accidentally forget to write
> my host name given this prompt (as I just did a few minutes ago). I'd
> suggest
>
> "commonName = Common Name (your host name)"
>
> since the X.509 format of course requires the CN to be the host. I suspect
> this default configuration file is being copied from apps/openssl.cnf,
> though I confess this is just based on a diff without looking too closely.
> This is of course very minor, but an easy change so I hope you'll consider
> it to save lots of future idiots like me 30 seconds.
>
> (I am running Ubuntu 10.04 (old!) at the moment, and peeked at the source
> code from the openssl-fips-1.2.3.tar.gz tarball.)
>
> Thanks,
> Dan
--
Richard Levitte
levitte at openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2590
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list