Should a computer certificate's CN be just the computer name or the fully qualified domain name?

ME 311 Reputation points
2022-03-29T15:43:59.583+00:00

When using the Certificate snap-in to request a custom certificate, should the CN of the Subject Name be just the computer's hostname or it's FQDN?

For example, a domain-joined computer called workstation1 in the office.local domain - should CN=workstation1 or CN=workstation1.office.local ?

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,809 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vadims Podāns 9,121 Reputation points MVP
    2022-03-30T06:51:39.903+00:00

    Subject field (or CN attribute) is deprecated by RFC 2818. Instead, all relevant names must be specified in Subject Alternative Names (SAN) certificate extension. You can populate this extension under Subject field editor in certificate request manager.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.