I have a Linux Apache web server running ownCloud set up. I wish to use a dynamic DNS service (such as No-IP Free) with this server because my public IP address is not static. I also wish to use a self-signed certificate (I know of the risks) with the server. When generating a self-signed certificate using OpenSSL via the command line, it asks me for the 'Fully Qualified Domain Name' of the server. I do not have a domain name. What should I enter into this field: the static local network IP of the server (e.g. 192.168.1.5); the dynamic public IP (e.g. 192.0.2.1) of my router (I will forward the port); or the dynamic DNS domain name that I will use (e.g. myserver.ddns.net)?
3 Answers
The common name or CN is the domain name that you enter into the URL bar of your browser. It's the name you use to refer to the server/website/service, and the browser or any other client will compare these two values for verification. In your example, it will be myserver.ddns.net.
If you wish to use the ownCloud setup via the IP (which is not the case here), you want to give the IP as the common name.
Also, if you want to be able to access the setup via the domain and the (local) IP, you can use Subject Alternative Name / SubjectAltName (SAN). This can be useful if you want to access it without internet access, because it's hosted in the local network (and it's faster, as the data only travels inside your network; otherwise, it goes out through your modem and comes back again).
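An added example, not part of any answer on this page: generating the self-signed certificate with the dynamic DNS name as CN and both that name and the LAN IP as SAN entries, then checking what the certificate actually covers. The function names, file names (`req.cnf`, `server.key`, `server.crt`), RSA 2048 and the 365-day lifetime are assumptions chosen for illustration; the hostname and IP are the sample values from the question.

```shell
#!/bin/sh
# Added example. Function and file names are hypothetical.

# make_cert DIR DNS_NAME LAN_IP
# Writes DIR/server.key and DIR/server.crt (self-signed, CN plus SAN).
make_cert() {
    dir=$1 name=$2 ip=$3
    # The request config is written to a file so no -addext support is needed.
    cat > "$dir/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ext
[dn]
CN = $name
[ext]
subjectAltName = DNS:$name, IP:$ip
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$dir/req.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    chmod 600 "$dir/server.key"   # the key is stored unencrypted (-nodes)
}

# cert_matches CERT host|ip VALUE
# Succeeds only if the certificate is valid for that hostname or IP.
cert_matches() {
    case $2 in
        host) flag=-checkhost ;;
        ip)   flag=-checkip ;;
        *)    return 2 ;;
    esac
    # openssl prints "... does match certificate" or "... does NOT match certificate"
    openssl x509 -in "$1" -noout "$flag" "$3" | grep -q 'does match certificate'
}

# Usage (values from the question):
#   make_cert /tmp/owncloud-cert myserver.ddns.net 192.168.1.5
#   cert_matches /tmp/owncloud-cert/server.crt host myserver.ddns.net && echo covered
```

The router's changing public IP is deliberately left out of the SAN list, so a client connecting by that address gets a name mismatch.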
The CN must be the exact domain you want to secure. If you had a static IP address, you could secure that one and fill in an IP address.
Unfortunately you do not have one, and you have to use a dynamic DNS service to resolve your IP even if it changes.
In that case, you have to fill in the CSR with myserver.ddns.net, because it's the URL you'll use to access your app.
Do SSL Certificates work with dynamic IP addresses?
Yes. SSL Certificates are associated with the server and Common Name, not the IP address, so you may use SSL Certificates with our Dyn Standard DNS service and a dynamic IP address without a problem.
I do not have a domain name
Yes you do, the one attributed by the dynamic DNS service.
You probably will have to generate a root certificate authority, for which the FQDN (or common name) can be just what you want, and then generate a certificate for your webserver for which the FQDN will be the one given by the dynamic DNS provider.
The certificate you'll add to Apache must be configured with the FQDN you'll use to access the server, i.e. you won't be able to use https://192.168.1.1 if the certificate FQDN is me.no-ip.com.
To go deeper into SSL cert management, I'll recommend this excellent howto