Solved

Create a CSR without fully qualified domain name?

Posted on 2008-10-23
4
698 Views
Last Modified: 2010-04-21
I'm working on creating a self-signed SSL certificate and wondering if it is possible to create the CSR using an IP Address as the Common Name instead of a domain name. Is this possible?
0
Comment
Question by:yamabob217
  • 2
4 Comments
 
LVL 50

Accepted Solution

by:
Steve Bink earned 100 total points
ID: 22786467
I suppose you could, but that means anyone not browsing to your IP would receive a warning about a certificate mismatch.  That might not be a problem for you, since they'll already be receiving a warning about a self-signed certificate.

If you want a single certificate to answer to multiple domains, you need a wildcard certificate.  Those are useful in cases where you have a.mydomain.com and b.mydomain.com, and don't want to pay for two certificates.
0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 25 total points
ID: 22789472
Yes, you can.  As noted above, browsing to anything but the IP would give the error, but I'm guessing you know that.  

To correct above note, wildcards are for multiple sites inthe same domain, e.g. *.domain.com, not multiple domains.  If you want multiple things, e.g. IP address, hostname, and FQDN, you could look for a multi-domain cert, a.k.a. UCC cert from a commercial vendor.  If using your own CA, use the SAN: attribute to specify additional names in the Attributes field when submitting via certsrv page, or can use SAN when submitting via certreq.  Most apps only allow for one name when creating the CSR, although there are a few out there (sorry don't remember which offhand, but to my knowledge IIS is not one of them) that do allow for creating the SAN in the CSR also.
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 22789789
>>> To correct above note, wildcards are for multiple sites inthe same domain

That's actually what I meant.  Thanks for the clarification.  :)
0
 

Author Closing Comment

by:yamabob217
ID: 31509189
Thanks so much for the help!
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We've all had that page pop up telling us there is a problem with the certificate and some of us continue on anyways and others run away to a safer competing site.  But what to do when you get the error - is it your problem or theirs?  What can you …
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question