
Re: Change over to anonymous binds

At 02:50 PM 2002-08-18, Tony Earnshaw wrote:
>The FQDN of the localhost IP (normally is "localhost".
>The only trouble is, that "localhost" isn't a FQDN -
>it *would* be, if it were "localhost." (note the dot).

The best way is to view a trailing dot as an indication that
the preceding domain name is fully qualified.  That is,
the fully qualified name "example.com" can be written
as "example.com." to indicate that "example.com" is
fully qualified.

Choosing the name to put in the CN of your server cert
should be simple.  Choose the fully qualified domain name
which will return for the client the desired IP address(es)
of the server and place it in the certificate.  If there are
multiple FQDNs, choose the one which you would like the
users to enter.

The FQDN "localhost" returns NXDOMAIN, so it should not
be used in a certificate.  And because it is unlikely
localhost will ever become a top-level domain, our clients
treat localhost as an alias for the local host name.  So,
if the FQDN you choose for your certificate is also the
name of the host (per gethostname(3)), clients can access
it via this name or, on that host, as "localhost".

Of course, if you don't set your host name to a FQDN,
you shouldn't use the host name in the certificate.
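
The name check described in this message, sketched as an added example; it is not code from the original post or from the LDAP software under discussion. The function names and the `ldap.example.com` host are hypothetical, and the comparison is a plain case-insensitive match on the CN with no wildcard or subjectAltName handling.

```python
import socket


def normalize(name):
    """Lower-case a DNS name and drop the trailing dot that marks it as fully qualified."""
    name = name.lower()
    return name[:-1] if name.endswith(".") else name


def name_to_verify(requested, local_hostname):
    """Return the name a client compares against the certificate CN.

    "localhost" is expanded to the local host name, as the message describes;
    any other name is used as entered.
    """
    requested = normalize(requested)
    if requested == "localhost":
        return normalize(local_hostname)
    return requested


def client_accepts(requested, cert_cn, local_hostname):
    """True when the name the user entered matches the server certificate CN."""
    return name_to_verify(requested, local_hostname) == normalize(cert_cn)


if __name__ == "__main__":
    # Constructed sample values: the certificate CN is the server's FQDN.
    cn = "ldap.example.com"
    cases = [
        ("ldap.example.com", "ldap.example.com"),   # remote client, FQDN host name
        ("ldap.example.com.", "ldap.example.com"),  # trailing dot form of the same name
        ("localhost", "ldap.example.com"),          # on the server, host name is the FQDN
        ("localhost", "ldap"),                      # on the server, host name is not a FQDN
    ]
    for requested, hostname in cases:
        verdict = "match" if client_accepts(requested, cn, hostname) else "MISMATCH"
        print(f"entered={requested!r:22} hostname={hostname!r:20} -> {verdict}")

    # The same check against this machine's own gethostname() value.
    here = socket.gethostname()
    print(f"this host: gethostname()={here!r}, localhost matches CN {cn!r}:",
          client_accepts("localhost", cn, here))
```

The last constructed case is the one the final paragraph warns about: with a short host name, "localhost" expands to a name that is not in the certificate.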