CN specification for hosts in pkinit certs

lux-integ lux-integ at btconnect.com
Wed Jan 8 06:26:40 EST 2014


Greetings,

I am atempting to learn to setup pkinit   on a   computer with these:-

--cpu -amd64
--os 64-bit blfs linux krb5-1.11.3


I am following howtos for generating x509 certs here


http://web.mit.edu/kerberos/krb5-current/doc/admin/pkinit.html

and here
 ( http://pages.cs.wisc.edu/~zmiller/ca-howto/ )

I am editing the openssl.cnf and for users certs  
I  use     
user at REALM   for the CN  (commmonName) and 
emailaddress  for emailAddress

for hosts  I omit the email address  but I am a bit puzzled what to use for CN
(commonName)

is it 
fdqn at REALM  or 
host/fdqn at REALM ?

or otherwise???

advice would be appreciated.
Thanks in advance

sincerely
luxIntwg


More information about the Kerberos mailing list