Bug 488152 - Cannot have two "cn" values in cert subject DN
Summary: Cannot have two "cn" values in cert subject DN
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: Doc-administration-guide
Version: 8.0
Hardware: All
OS: Linux
low
high
Target Milestone: ---
: ---
Assignee: Deon Ballard
QA Contact: Content Services Development
URL:
Whiteboard:
Depends On:
Blocks: 249650
TreeView+ depends on / blocked
 
Reported: 2009-03-02 21:37 UTC by Rich Megginson
Modified: 2009-08-20 03:38 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-05-01 21:47:38 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Rich Megginson 2009-03-02 21:37:55 UTC
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_SSL-Using_certutil.html#certutil-procedure

step 7

The subject DN cannot have two "cn" values.  This causes some clients to become confused.  For best results, use only 1 "cn" in the subject DN, make the "cn" the leftmost value, and make sure the value of "cn" is the fully qualified host and domain name of the server machine for the server you are generating the cert.

cn=ldap.example.com, cn=Directory Server <- BAD
ou=Directory Server, cn=ldap.example.com <- BAD
cn=ldap, ou=Directory Server <- BAD
cn=ldap.example.com, ou=Directory Server <- GOOD

Comment 1 Deon Ballard 2009-05-01 21:47:38 UTC
Added a note to step 7:
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_SSL-Using_certutil.html#certutil-procedure

This is related to bug 492135.

Closing.


Note You need to log in before you can comment on or make changes to this bug.