E-mail address for Certificate Signing Request

ssl-certificate certificate-authority

Should an e-mail address in a Certificate Signing Request (CSR) for a server with a domain name aaa.bbb.ccc.ddd contain exactly all domain zones or it can be [email protected] (in other words, just an organizational top-level domain)?

Context: I'm relying on this guide, but the installation will be done on a private cloud, not Linode.


Solution 1:

The email address in the request doesn't need to relate to the DNS names in the certificate at all. It could be a gmail address if you wanted. It's just metadata and a hypothetical way for someone to contact the owner of an SSL protected site. Technically it's not even required metadata. It's completely up to the Certificate Authority whether they want to require it or not. Though some Certificate Authorities do use the e-mail address field to verify that you can receive email on that domain.

Related

Watchguard mobile vpn: failed to get domain name
What does an alias group means in SID context?
Low power (cheap to operate) server with lots of RAM? [closed]
How can I connect to a cisco switch via serial console cable from powershell?
Use variable for server_name in nginx
Why would using MongoDB in lieu of etcd as a key value store be a good or bad idea? [closed]
AWS ECR - Push Successful, Image Does Not Appear in Repo
OpenVPN needs a gateway parameter fo a --route option
On EC2 Windows Server 2016, automatically mount instance storage when restarting the instance
Can I run an Oracle server without swap?
Complete High Availability System [duplicate]
Mikrotik limit Socks server access from LAN