Generating a Self Signed SSL Certificate

carlosinfl · 07-22-2009, 01:41 PM

I have a server which I use for mail:

mail.iamghost.com

The above is the machines actual FQDN. Now because I also use it as a web server to access my website and webmail, I have a pointer record with my domain registrar to also forward all www.iamghost.com to the same IP as mail.iamghost.com.

Hope that makes sense above.

My question is when I generate a SSL self signed certificate for my server. Do I generate one for www.iamghost.com or mail.iamghost.com?

mostlyharmless · 07-22-2009, 02:33 PM

I honestly don't know. Maybe someone who does can also clarify this though: isn't the whole idea with SSL certificates that they be authenticated by a third party? Not that you can't do it, but everyone who gets on your site will get a warning that the certificate isn't valid. My employer does that; don't know if it has any value.

irishbitte · 07-22-2009, 03:39 PM

Basically, if you are using www.iamghost.com as the webpage, you use that for the SSL cert also. Browser checks on certs do a reverse-lookup on DNS records for the domain when checking certs, which is what is relevant for you, and they also check the certificate chain, which is not relevant for you, since you are using a self-signed certificate. Hope that makes sense!

BTW, I suggest you use one certificate for web, and a separate one 'mail.iamghost.com' for mail if you are planning on offering secure mail authentication or some such.