[lug] self-signed apache certs on fedora core?

David L. Anselmi anselmi at anselmi.us
Thu Sep 8 18:47:05 MDT 2005


D. Stimits wrote:
> Craig wrote:
> 
>> Kind of an aside/plug -- CAcerts <cacert.org> is pretty cool. It's a free
>> certification authority. I wish browsers would pick up it's root
>> certificate, but it's easy enough to install if you know how.
> 
> I plan to keep them in my notes. Unfortunately though, I'm just using a 
> dynamic IP on the Internet, and all access is for myself on a private 
> network.

I think you misunderstand how web servers use certs.  The cert CN has to 
match the domain name part of the URL the browser uses.  So it's 
generally bad to use an IP as a CN and generally irrelevant what IP a CN 
resolves to (except that it resolve to the server's current IP).

Dave



More information about the LUG mailing list