I am new to Linux and i am currently trying to create server certificates from CA.crt
.
I have Certificate parameter to be used are CN (common name) = ipaddress and 1 year validity. I know how to use validity parameter but don't know what is improtance of CN and how can i use it while creating server certificate? See below command i am using
//create a certificate request .csr
openssl req -new -out server.csr -key server.key
//CA key to verify and sign the server certificate
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365
Some common information
'CN(Common Name)' is one of the parameters in the 'Subject' of the certificate. Others being C(Country), ST(State), OU(Organization Unit), etc.
'Subject' usually includes the information about the entity to which the certificate has been issued to.
To specify CN for a certificate, you can specify it while generating the CSR.
Answer to your question
Assuming you have to generate server.crt with CN=<ip_address>, you will have to generate CSR as follows (change ip as needed):
openssl req -new -out server2.csr -key server.key -subj "/CN=255.255.255.255"
Alternatively, if -subj option is not provided, an interactive mode window should open where you can specify the desired CN in 'Common Name' field. If you wish to skip other parameters like ST, OU in the subject, put '.' to skip them in the interactive mode.
Hope this helps.