SSL Certificate Common Name

In article <emN5hVIeDHA.1828.RemoveThis@TK2MSFTNGP09.phx.gbl>, "Keith W. McCammon"
<km.RemoveThis@km.com> wrote:
 >Not sure what you mean by "map." When you generate the CSR, you assign a
 >common name, which is how the cert is identified. There's no mapping that
 >takes place, aside from associating a cert with a given site.

And if that isn't clearly stated enough, let me go further.

When creating a server certificate, the common name must match the name that
your clients will use to connect you as. Many programs will report an error
in the certificate, if they connect to "mysite.example.com", and the
certificate they get back has a common name of "mysite", where it should be
"mysite.example.com".

There are wildcard certificates, but if you pay to get your certificate, you
will have to pay considerably more to get a wildcard certificate. Such a
certificate would have something like "*.example.com" as the common name.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at <a style='text-decoration: underline;' href="http://www.wftpd.com" target="_blank">http://www.wftpd.com</a> or email
1602 Harvest Moon Place | alun.RemoveThis@texis.com.
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: SSL Certificate Common Name 

And, a certificate can only be installed at the site level. After this, you now have SSL functionality. You do NOT have to require ssl, as
many people think that you do. If you require it, then you can only make an ssl connection to that resource, and port 80 will be shut
off for that resource. And in your common name, make sure you do not populate it with the following:

https://www.mysite.com
www.mysite.com/exchange

Only the root level domain, or if internal, a netbios name, such as:

www.mysite.com
or
mysite (again, this would be internal if the server had a WINS entry of mysite)

Thank you. I hope this information is helpful.

Tim Coffey [MSFT]

This posting is provided “AS IS” with no warranties, and confers no rights. You assume all risk for your use. © 2001 Microsoft
Corporation. All rights reserved.
--------------------
| Newsgroups: microsoft.public.inetserver.iis
| From: alun.DeleteThis@texis.com (Alun Jones [MS MVP])
| Subject: Re: SSL Certificate Common Name
| Organization: Texas Imperial Software
| References: <exfS$RIeDHA.3708@tk2msftngp13.phx.gbl> <emN5hVIeDHA.1828.DeleteThis@TK2MSFTNGP09.phx.gbl>
| X-Newsreader: News Xpress 2.01
| Lines: 27
| Message-ID: <1a58b.193$Zr2.14@newssvr22.news.prodigy.com>
| NNTP-Posting-Host: 66.141.49.130
| X-Complaints-To: abuse.DeleteThis@prodigy.net
| X-Trace: newssvr22.news.prodigy.com 1063313149 ST000 66.141.49.130 (Thu, 11 Sep 2003 16:45:49 EDT)
| NNTP-Posting-Date: Thu, 11 Sep 2003 16:45:49 EDT
| X-UserInfo1: TSU[@SBEYJSOBFD[LZKJOPHAWB\^PBQLGPQRZ_MHEQR@ETUCCNSKQFCY@TXDX_WHSVB]ZEJLSNY\^J
[CUVSA_QLFC^RQHUPH[P[NRWCCMLSNPOD_ESALHUK@TDFUZHBLJ\XGKL^NXA\EVHSP[D_C^B_^JCX^W]CHBAX]POG@SSAZQ\LE
[DCNMUPG_VSC@VJM
| Date: Thu, 11 Sep 2003 20:45:49 GMT
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-online.de!newsfeed.icl.net!newsfeed.fjserv.net!
newshosting.com!news-xfer1.atl.newshosting.com!diablo.voicenet.com!prodigy.com!newsmst01.news.prodigy.com!prodigy.com!
postmaster.news.prodigy.com!newssvr22.news.prodigy.com.POSTED!fd8ad55f!not-for-mail
| Xref: cpmsftngxa06.phx.gbl microsoft.public.inetserver.iis:275175
| X-Tomcat-NG: microsoft.public.inetserver.iis
|
| In article <emN5hVIeDHA.1828.DeleteThis@TK2MSFTNGP09.phx.gbl>, "Keith W. McCammon"
| <km.DeleteThis@km.com> wrote:
| >Not sure what you mean by "map." When you generate the CSR, you assign a
| >common name, which is how the cert is identified. There's no mapping that
| >takes place, aside from associating a cert with a given site.
|
| And if that isn't clearly stated enough, let me go further.
|
| When creating a server certificate, the common name must match the name that
| your clients will use to connect you as. Many programs will report an error
| in the certificate, if they connect to "mysite.example.com", and the
| certificate they get back has a common name of "mysite", where it should be
| "mysite.example.com".
|
| There are wildcard certificates, but if you pay to get your certificate, you
| will have to pay considerably more to get a wildcard certificate. Such a
| certificate would have something like "*.example.com" as the common name.
|
| Alun.
| ~~~~
|
| [Please don't email posters, if a Usenet response is appropriate.]
| --
| Texas Imperial Software | Find us at http://www.wftpd.com or email
| 1602 Harvest Moon Place | alun.DeleteThis@texis.com.
| Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
| Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
|
 >> Stay informed about: SSL Certificate Common Name