Koozali.org: home of the SME Server

SSL certificate : paying for one: Doubt about CommonName

Offline Jáder

  • *
  • 1,099
  • +0/-0
    • LinuxFacil
SSL certificate : paying for one: Doubt about CommonName
« on: March 03, 2013, 04:55:30 PM »
I'd like to pay for a SSL certificate for my SME8 server. It's under US$ 60/y here in Brazil.
But I'm not sure what common name to use:
a) www.mydomain
b) mail.mydomain
c) <hostname>.mydomain

I have hostname configurate as a different name for each machine.
If I have a HP ML110g3 server, his hostname is TIGER.
And i I buy a new server (a N40L), his hostname is LEOPARD.
each machine has a baptism name attached to it (as a TAG) as reference for his lifetime.

I use www.mydomain as for web site only.
Everything else uses mail.mydomain as reference.
So if I have webmail.mydomain it points to mail.mydomain/webmail

I'd like to be able to use SSL certificate also in e-mail, for send/receive in Thunderbird using SSL. Again, this is allways configurated as mail.mydomain on all clients fields.

What should I choose to fill the CSR request form ?

Thanks

Jáder
...

Offline bunkobugsy

  • *
  • 306
  • +4/-0
Re: SSL certificate : paying for one: Doubt about CommonName
« Reply #1 on: March 07, 2013, 05:27:56 AM »
Why when www.startssl.com class1 is free?
CN = mail.mydomain (your public SME IPv4)

http://wiki.contribs.org/Certificate_Integration_startssl.com_Server_Certificate

Offline Jáder

  • *
  • 1,099
  • +0/-0
    • LinuxFacil
Re: SSL certificate : paying for one: Doubt about CommonName
« Reply #2 on: March 07, 2013, 01:54:44 PM »
Why when www.startssl.com class1 is free?
CN = mail.mydomain (your public SME IPv4)

http://wiki.contribs.org/Certificate_Integration_startssl.com_Server_Certificate

I have the StartSSL certificate already isntalled... but sometimes I need to ACCEPT a certificate... and for US$50 I can afford to do not have this!

I'll try a 30 days free certificate from Norton using MAIL.mydomain ;)
Thanks

Jáder
...

Offline bunkobugsy

  • *
  • 306
  • +4/-0
Re: SSL certificate : paying for one: Doubt about CommonName
« Reply #3 on: March 07, 2013, 05:35:09 PM »
If you need to accept it in Thunderbird there's a patch for you
http://bugs.contribs.org/show_bug.cgi?id=4450 and it works :)

mkdir --parent /etc/e-smith/templates-custom/home/e-smith/ssl.pem/
wget http://bugs.contribs.org/attachment.cgi?id=3523 -O /etc/e-smith/templates-custom/home/e-smith/ssl.pem/60pem
signal-event console-save