Bug 488152

Summary: Cannot have two "cn" values in cert subject DN
Product: Red Hat Directory Server
Reporter: Rich Megginson <rmeggins>
Component: Doc-administration-guide
Assignee: Deon Ballard <dlackey>
Status: CLOSED CURRENTRELEASE
QA Contact: Content Services Development <ecs-dev-list>
Severity: high
Priority: low
Version: 8.0
Keywords: Documentation
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-05-01 21:47:38 UTC
Bug Blocks: 249650

Description Rich Megginson 2009-03-02 21:37:55 UTC
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_SSL-Using_certutil.html#certutil-procedure

step 7

The subject DN cannot have two "cn" values. This causes some clients to become confused. For best results, use only 1 "cn" in the subject DN, make the "cn" the leftmost value, and make sure the value of "cn" is the fully qualified host and domain name of the server machine for the server for which you are generating the cert.

cn=ldap.example.com, cn=Directory Server <- BAD
ou=Directory Server, cn=ldap.example.com <- BAD
cn=ldap, ou=Directory Server <- BAD
cn=ldap.example.com, ou=Directory Server <- GOOD
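
The three rules in the description above (exactly one "cn", "cn" leftmost, "cn" value fully qualified) can be checked before a subject DN is passed to certutil. The following is an added example, not part of the original report or of Directory Server; the function names are hypothetical, and it assumes a comma-separated DN string without multi-valued ("+") RDNs.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def split_rdns(dn):
    """Split a DN on unescaped commas into (type, value) pairs."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep an escaped character, e.g. "\,"
            i += 2
        elif dn[i] == ",":
            parts.append(cur)
            cur, i = "", i + 1
        else:
            cur += dn[i]
            i += 1
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def check_subject_dn(dn):
    """Return a list of problems; an empty list means the DN follows the guidance."""
    rdns = split_rdns(dn)
    problems = []
    cns = [value for attr, value in rdns if attr == "cn"]
    if len(cns) != 1:
        problems.append(f"expected exactly one cn, found {len(cns)}")
    if rdns[0][0] != "cn":
        problems.append("cn is not the leftmost value")
    if cns:
        labels = cns[0].split(".")
        if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
            problems.append(f"cn {cns[0]!r} is not a fully qualified host name")
    return problems

if __name__ == "__main__":
    # The four subject DNs listed in the description above.
    for dn in ("cn=ldap.example.com, cn=Directory Server",
               "ou=Directory Server, cn=ldap.example.com",
               "cn=ldap, ou=Directory Server",
               "cn=ldap.example.com, ou=Directory Server"):
        print(dn, "->", check_subject_dn(dn) or "OK")
```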

Comment 1 Deon Ballard 2009-05-01 21:47:38 UTC
Added a note to step 7:
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_SSL-Using_certutil.html#certutil-procedure

This is related to bug 492135.

Closing.