Blog: Explain commonName for nds-constrain't

2021-05-07 21:36:12 +00:00 · 2021-05-07 21:36:12 +00:00 · d1eb3155c7
commit d1eb3155c7
parent 9dbb509170
1 changed files with 7 additions and 0 deletions
--- a/posts/2020-07-12-nds-constraint.md
+++ b/posts/2020-07-12-nds-constraint.md
@ -52,6 +52,13 @@ I have copied them for reference.
 	openssl req -new -key server.key -out server.csr
 	openssl x509 -req -in server.csr -CA NWC.crt -CAkey NWC.key -CAcreateserial -out server.crt -days 3650 -sha1

+**Update (2021-05-07):** The second command will prompt you for values to be
+used in your certificate. The Common Name in this certificate should be the
+domain name that it will be valid for (e.g. “flipnote.hatena.com”). Most people
+will want to set it to “\*.\*.\*” (without the quotes), which will make it valid
+for all subdomains. See [this paste](https://pastebin.com/WQNEQwi8) for
+reference.
+
 NGINX users need to create a file for the certificate chain as well.

 	cat server.crt NWC.crt > server-chain.crt