Solved

Create a CSR without fully qualified domain name?

Posted on 2008-10-23
4
699 Views
Last Modified: 2010-04-21
I'm working on creating a self-signed SSL certificate and wondering if it is possible to create the CSR using an IP Address as the Common Name instead of a domain name. Is this possible?
0
Comment
Question by:yamabob217
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 50

Accepted Solution

by:
Steve Bink earned 100 total points
ID: 22786467
I suppose you could, but that means anyone not browsing to your IP would receive a warning about a certificate mismatch.  That might not be a problem for you, since they'll already be receiving a warning about a self-signed certificate.

If you want a single certificate to answer to multiple domains, you need a wildcard certificate.  Those are useful in cases where you have a.mydomain.com and b.mydomain.com, and don't want to pay for two certificates.
0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 25 total points
ID: 22789472
Yes, you can.  As noted above, browsing to anything but the IP would give the error, but I'm guessing you know that.  

To correct above note, wildcards are for multiple sites inthe same domain, e.g. *.domain.com, not multiple domains.  If you want multiple things, e.g. IP address, hostname, and FQDN, you could look for a multi-domain cert, a.k.a. UCC cert from a commercial vendor.  If using your own CA, use the SAN: attribute to specify additional names in the Attributes field when submitting via certsrv page, or can use SAN when submitting via certreq.  Most apps only allow for one name when creating the CSR, although there are a few out there (sorry don't remember which offhand, but to my knowledge IIS is not one of them) that do allow for creating the SAN in the CSR also.
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 22789789
>>> To correct above note, wildcards are for multiple sites inthe same domain

That's actually what I meant.  Thanks for the clarification.  :)
0
 

Author Closing Comment

by:yamabob217
ID: 31509189
Thanks so much for the help!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

So you need a certificate so you can offer SSL encryption.  But which one should you get?  There are so many choices out there! Here is a generic overview of the main types of SSL certificates sold by the majority of commercial Certification Auth…
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question