CN specification for hosts in pkinit certs
lux-integ
lux-integ at btconnect.com
Wed Jan 8 06:26:40 EST 2014
Greetings,
I am atempting to learn to setup pkinit on a computer with these:-
--cpu -amd64
--os 64-bit blfs linux krb5-1.11.3
I am following howtos for generating x509 certs here
http://web.mit.edu/kerberos/krb5-current/doc/admin/pkinit.html
and here
( http://pages.cs.wisc.edu/~zmiller/ca-howto/ )
I am editing the openssl.cnf and for users certs
I use
user at REALM for the CN (commmonName) and
emailaddress for emailAddress
for hosts I omit the email address but I am a bit puzzled what to use for CN
(commonName)
is it
fdqn at REALM or
host/fdqn at REALM ?
or otherwise???
advice would be appreciated.
Thanks in advance
sincerely
luxIntwg
More information about the Kerberos
mailing list