All of the articles I read online talk about creating a self-signed certificate for a domain you own.
I have Apache2 set up on an Ubuntu 16.04 server at home. My ISP gives me a dynamic IP so I use No-IP. I have ports opened on my router to re-direct traffic to my server.
I also access the web-server from home (inside the network).
So if I am outside my home network I'll use https://username.noip.me/ and if I am at home I will use https://homeserver/.
So how can I create a self-signed certificate for this situation? What do I put as the Common Name?
Best Answer
You use a friendly name for the Common Name (CN) for two reasons. First, it's displayed to users by tools, so you want something like Example Widgets, LLC. Second, hostnames always go in the Subject Alternate Name (SAN). Placing a hostname in the CN is deprecated by both the IETF and CA/B Forums.
For more rules and reasons, see How do you sign Certificate Signing Request with your Certification Authority and How to create a self-signed certificate with openssl?
Use the openssl utility with a custom configuration file. Below is a sample one.

You should do two things. First, change the DNS names list to username.noip.me and homeserver. Second, after changing the names you want in the certificate, run the following command:

Obviously, you can change the name of the configuration file from example-com.conf to anything you want.

Also, at the house, I run my own PKI. I have a Root CA that issues certificates for devices on my network when needed. All devices have the Root CA installed. My internal domain is called home.pvt. Hosts on the network are named pine64.home.pvt, rpi3.home.pvt, solaris.home.pvt, windows10.home.pvt, etc. Everything works as expected.

Example Configuration File
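The procedure described in the answer (friendly name in the CN, both hostnames in the SAN), as an added example that is not the answerer's own configuration file or command. The file names home-server.conf, home-server.key and home-server.crt, the CN text, the 2048-bit RSA key and the 365-day validity are assumptions.

```shell
# Added example: file names, CN text, key size and validity are assumptions.

# Write an OpenSSL config: friendly CN, hostnames only in subjectAltName.
write_config() {  # $1 = output path
  cat > "$1" <<'EOF'
[ req ]
default_bits       = 2048
default_md         = sha256
prompt             = no
distinguished_name = subject
x509_extensions    = x509_ext

[ subject ]
commonName = Home Server

[ x509_ext ]
basicConstraints     = CA:FALSE
keyUsage             = digitalSignature, keyEncipherment
extendedKeyUsage     = serverAuth
subjectKeyIdentifier = hash
subjectAltName       = @alternate_names

[ alternate_names ]
DNS.1 = username.noip.me
DNS.2 = homeserver
EOF
}

# Create an unencrypted key and a self-signed certificate from the config.
make_cert() {  # $1 = config, $2 = key out, $3 = cert out
  openssl req -config "$1" -new -x509 -sha256 -newkey rsa:2048 -nodes \
    -days 365 -keyout "$2" -out "$3" 2>/dev/null &&
    chmod 600 "$2"   # key is unencrypted: keep it readable by owner only
}

# Print the DNS names found in the certificate's SAN, one per line.
list_sans() {  # $1 = certificate
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

write_config home-server.conf
make_cert home-server.conf home-server.key home-server.crt
list_sans home-server.crt
```

Checking the SAN list after generation confirms that both the external name and the internal name are covered before the certificate is wired into Apache.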