[lug] self-signed apache certs on fedora core?

D. Stimits stimits at comcast.net
Thu Sep 8 20:09:44 MDT 2005

David L. Anselmi wrote:
> D. Stimits wrote:
>> Craig wrote:
>>> Kind of an aside/plug -- CAcerts <cacert.org> is pretty cool. It's a 
>>> free
>>> certification authority. I wish browsers would pick up it's root
>>> certificate, but it's easy enough to install if you know how.
>> I plan to keep them in my notes. Unfortunately though, I'm just using 
>> a dynamic IP on the Internet, and all access is for myself on a 
>> private network.
> I think you misunderstand how web servers use certs.  The cert CN has to 
> match the domain name part of the URL the browser uses.  So it's 
> generally bad to use an IP as a CN and generally irrelevant what IP a CN 
> resolves to (except that it resolve to the server's current IP).

All I'm saying is that I don't have a domain, this is all on a private 
network without a real domain...I don't see any purpose in picking up a 
real cert for a non-routable private net...but for testing this out for 
future use on a public IP I need to know this. The web ports of the 
given web servers are not in any way accessible to the public.

D. Stimits, stimits AT comcast DOT net

More information about the LUG mailing list