Reputation: 172380
How to choose the name for an X.509 company certificate?
I'd like to create a certificate to sign our company's software. The tool that I'm using for this (keytool from the Java SDK) expects the distinguished name in the following format:
CN=commonName, OU=organizationalUnit, O=organizationName, L=city, S=state, C=countryCode
If I just want a certificate for my company (not for any particular person therein), should I use
CN=MyCompany, C=AT
or
O=MyCompany, C=AT
as the distinguished name? The latter would make more sense (since MyCompany is the name of the organization), but I don't know if it's "correct" to leave the commonName empty.
Upvotes: 1
Views: 1864
Answers (1)
Reputation: 46070
CommonName can hold your company name as well. Or you can leave it empty - this doesn't matter as the standard has no requirement on the number of elements in SubjectName, neither there's a standard for CommonName format.
However, your whole task doesn't seem to make much sense. You are going to create a self-signed certificate for signing your software, but no validator would accept such signature. One would expect your software to be signed with certificate, issued by the authorized Certificae Authority.
Upvotes: 2
Related Questions
- Open SSL generate x509 self signed certificate with Friendly Name
- Do I need to prefix X.509 Subject Alternative Names with a "type"?
- What strings are allowed in the "common name" attribute in an X.509 certificate?
- Change issuer name of X509 certificate
- Specify Subject Alternative Name when generating a self signed certificate
- Which X509 StoreName refers to the certificates stored beneath Trusted Root Certification Authorities in Windows10
- SSL Certificate: How to deal with Common Name and Subject Alternative Name?
- How to set certificate friendly name
- How to change issuer Name while creating X509Certificate2 in C#
- x509 certificate subject alternative name