Stewart Dean wrote:
When you do this using either the req or genrsa command, does the generated output have *anything* in it that acts as a fingerprint of the machine where the command was invoked?
That is, as part of running these commands, does the output end up with some section that ties it to that very machine and no other?
[...]
When I run the openssl req/genrsa command, am I going to get some fingerprint of the machine embedded that won't match the DNS symbolic name I want to use (imap.bard.edu) and put in the CN? Which I would think would make the certificate usage fail because the host name it got for that fingerprint might be mercury or any one of the other 4?
[...]
The machine on which you run the openssl-command should be completely irrelevant.
And if you have your self-signed cert running (that is, if your clients trust you) you should just use the same name in the CN for the request as you used in your self-signed cert (most probably imap.bard.edu).
If you are in doubt you should try to set up your own CA and sign your request with it. If you then import the CA's cert into your client as a trusted authority (how to do that depends on your client) there should be no difference between a Thawte-cert and a cert signed by your CA.
Hope this helps, Ted ;)
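
The test suggested in the reply above, as an added example that is not part of the original message: build a throwaway CA, create a key and request for imap.bard.edu on whatever machine is at hand, sign the request, and inspect the names in the result. The CA name "Demo Local CA", the file names, the 2048-bit key size and the 30-day lifetime are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. "Demo Local CA", file names, key size and lifetimes are
# assumptions for illustration; only imap.bard.edu comes from the thread.
set -e

# Create a private CA, a server key, a request for imap.bard.edu and a
# CA-signed certificate inside directory $1.
make_demo_pki() {
    dir=$1
    # 1. Self-signed root for the private CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Local CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # 2. Server key and request. The only name that goes into the request
    #    is the one passed in -subj; nothing is read from the build host.
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    openssl req -new -key "$dir/server.key" \
        -subj "/CN=imap.bard.edu" -out "$dir/server.csr"
    # 3. Sign the request with the private CA.
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null
}

# Print the subject and issuer names carried by certificate $1.
cert_names() {
    openssl x509 -in "$1" -noout -subject -issuer
}

# Succeed only if certificate $2 chains to the CA certificate $1, which is
# the check a client performs once that CA is imported as trusted.
verify_against_ca() {
    openssl verify -CAfile "$1" "$2"
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
cert_names "$demo_dir/server.crt"
verify_against_ca "$demo_dir/ca.crt" "$demo_dir/server.crt"
rm -rf "$demo_dir"
```

The files in the directory can be copied to any of the hosts behind the name; what a client checks is the CN and the chain to a CA it trusts.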