Common Name in Certificate

https://support.dnsimple.com/articles/ssl-certificate-hostname/

https://support.dnsimple.com/articles/what-is-common-name/

What is the Common Name?

The Common Name (also CN) identifies the fully qualified domain name(s) associated with the certificate. It is typically composed of a host and a domain name, and looks like www.example.com or example.com.

Depending on the certificate type, it can be one or more hostnames belonging to the same domain (e.g. example.com, www.example.com), a wildcard name (e.g. *.example.com) or a list of domains. In all cases, it doesn't include any protocol (e.g. http:// or https://), port number or pathname.

The certificate is valid only if the request hostname matches at least one of the certificate common names.

Wildcard or Single-Hostname?

Read the article Choosing the SSL Certificate Common Name if you need help to determine the most appropriate common name for your certificate.

Most web browsers display a warning message when connecting to an address that does not match the common name in the certificate.

Example of host name mismatch error on Google Chrome

Example of host name mismatch error on Google Safari

Choosing the SSL Certificate Common Name

An SSL certificate must be associated with one or more hostnames, called the common name.

The common name determines which hostnames are covered by the certificate and must be selected at the time of the purchase. DNSimple provides both single name and wildcard certificates.

Single name certificate

The single name certificate is valid only for the hostname specified with the certificate.

For example, if you purchase a certificate for the hostname secure.example.com, you can’t use it for www.example.com or example.com. Any attempt to serve these hostnames with the certificate will result in a security warning in most browsers.

The only exception is the root domain, if you purchase a certificate for the www-hostname, as described below.

Wildcard certificate

The wildcard certificate is valid only for a single level of sub-domain. You use the wildcard “*” symbol to indicate the sub-domain.

For example, if you purchase a wildcard certificate for *.example.com, you can use it for any example.com first-level subdomain such as www.example.com, secure.example.com or private.example.com. However, you can’t use it for www.secure.example.com or super.secure.example.com.

Securing the Root domain

Both single name and wildcard certificates can be used on the root domain (e.g. example.com) under the following conditions:

  • For the single name certificate you must purchase a certificate for the www-hostname (e.g. www.example.com). If you purchase a certificate for the root domain you will not be able to use it for the www hostname.
  • For the wildcard certificate you must purchase a certificate for the third level domain pattern (e.g. *.example.com).
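
The coverage rules above (single name, one-level wildcard, root domain) can be checked with a short script. This is an added example, not code from DNSimple or from the original articles; the function names are hypothetical, and it assumes the root domain is whatever follows the "www." or "*." prefix of the purchased name.

```python
from urllib.parse import urlsplit


def request_hostname(address: str) -> str:
    """Reduce a URL or host[:port][/path] to the bare lowercase hostname."""
    if "://" not in address:
        address = "//" + address  # lets urlsplit treat the input as a network location
    host = urlsplit(address).hostname or ""
    return host.rstrip(".").lower()


def covered_names(common_name: str) -> set:
    """Names covered by a certificate purchased for common_name, per the rules above."""
    cn = common_name.rstrip(".").lower()
    names = {cn}
    # Root-domain rule: a www-hostname or wildcard purchase also covers the root.
    # Assumption: the root is the part after the "www." or "*." prefix.
    for prefix in ("www.", "*."):
        if cn.startswith(prefix):
            names.add(cn[len(prefix):])
    return names


def name_matches(hostname: str, pattern: str) -> bool:
    """Exact match, or a leading '*' standing for exactly one label."""
    host_labels = hostname.split(".")
    pattern_labels = pattern.split(".")
    if len(host_labels) != len(pattern_labels):
        return False  # a wildcard never spans more than one sub-domain level
    if pattern_labels[0] == "*":
        return bool(host_labels[0]) and host_labels[1:] == pattern_labels[1:]
    return host_labels == pattern_labels


def certificate_covers(common_name: str, address: str) -> bool:
    """True if the requested address is covered by a certificate for common_name."""
    host = request_hostname(address)
    return bool(host) and any(name_matches(host, n) for n in covered_names(common_name))


if __name__ == "__main__":
    # Constructed sample requests, using the hostnames from the text above.
    for cn, addr in [
        ("*.example.com", "https://www.example.com/login"),
        ("*.example.com", "super.secure.example.com"),
        ("secure.example.com", "www.example.com"),
        ("www.example.com", "example.com"),
        ("example.com", "www.example.com"),
    ]:
        print(f"{cn:20} {addr:32} covered={certificate_covers(cn, addr)}")
```

The script models the purchase rules described here; validating a live TLS connection should be left to the TLS library, which checks the names actually present in the served certificate.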