Should a computer certificate's CN be just the computer name or the fully qualified domain name?

ME 311 Reputation points

When using the Certificate snap-in to request a custom certificate, should the CN of the Subject Name be just the computer's hostname or it's FQDN?

For example, a domain-joined computer called workstation1 in the office.local domain - should CN=workstation1 or ?

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,608 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vadims Podāns 8,731 Reputation points MVP

    Subject field (or CN attribute) is deprecated by RFC 2818. Instead, all relevant names must be specified in Subject Alternative Names (SAN) certificate extension. You can populate this extension under Subject field editor in certificate request manager.

    0 comments No comments