488152 – Cannot have two "cn" values in cert subject DN

Bug 488152 - Cannot have two "cn" values in cert subject DN

Summary: Cannot have two "cn" values in cert subject DN

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Directory Server
Classification:	Red Hat
Component:	Doc-administration-guide
Sub Component:
Version:	8.0
Hardware:	All
OS:	Linux
Priority:	low
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Deon Ballard
QA Contact:	Content Services Development
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	249650
TreeView+	depends on / blocked

Reported:	2009-03-02 21:37 UTC by Rich Megginson
Modified:	2009-08-20 03:38 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-05-01 21:47:38 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Rich Megginson 2009-03-02 21:37:55 UTC

http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_SSL-Using_certutil.html#certutil-procedure

step 7

The subject DN cannot have two "cn" values.  This causes some clients to become confused.  For best results, use only 1 "cn" in the subject DN, make the "cn" the leftmost value, and make sure the value of "cn" is the fully qualified host and domain name of the server machine for the server you are generating the cert.

cn=ldap.example.com, cn=Directory Server <- BAD
ou=Directory Server, cn=ldap.example.com <- BAD
cn=ldap, ou=Directory Server <- BAD
cn=ldap.example.com, ou=Directory Server <- GOOD

Comment 1 Deon Ballard 2009-05-01 21:47:38 UTC

Added a note to step 7:
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_SSL-Using_certutil.html#certutil-procedure

This is related to bug 492135.

Closing.

Note You need to log in before you can comment on or make changes to this bug.