> * Important that during CSR the Common Name match the web server name that > browsers will use: eg www.xxx.com otherwise clients will all display a warning > that the server certificate does not match the name of the server.
Actually that's quite annoying. Some people like to skip www in the name, and so the browser complains the cert name doesn't match the site name because it's made out to www.xxx.com and not xxx.com (I continued the pr0n site example :). It should have been possible to make out a cert to a site under more than one name, or with names alias. An alternative would be to use mod_rewrite on the server and rewrite all requests for xxx.com to www.xxx.com, but I haven't got around to this yet, hopefully it will be a simple thing. nikolai.
