-1

I want to generate some certificates that are NOT linked to a domain name. The reason is I dont have a domain name for my api yet. Could someone explain what I put in for cn if there is not domain name at all? I am just trying to test out some services over https. Thanks

A_Suh
  • 3,727
  • 6
  • 22
Steven Smart
  • 495
  • 3
  • 7
  • 22

1 Answers1

0

If you access a resource by https:// then the client will expect the domain name from the URL to be included in the certificate. If the URL does not contain a domain name but an IP address then this one is expected - as subject alternative name with type IP. See Is it possible to have SSL certificate for IP address, not domain name? and How to generate a Self Signed SSL Certificate bound to IP address? for more about this.

Certificates without domain names or IP address are possible in other use cases but not in this one, at least as long the client is properly validating the certificate.

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172
  • Thanks. Good to know it can be done. I looked at the answers and I don't see anyone showing exactly how to specify subject alternative and the type as IP. Is it something I can do with openssl? Do I leave out cn entirely? and just put in IP:192.0.2.1 during the generation of the certificate? – Steven Smart Jul 29 '19 at 15:26
  • @StevenSmart: see [Using SSL with an IP address instead of DNS](https://bowerstudios.com/node/1007) for more detailed instructions. – Steffen Ullrich Jul 29 '19 at 15:36