Requesting and Installing Other Server CertificatesChapter 5 Securing Your Enterprise Server 93Required CA InformationBefore you begin the request process, make sure you know what information yourCA requires. Whether you are requesting a server certificate from a commercial CAor an internal CA, you need to provide the following information:• Common Name must be the fully qualified hostname used in DNS lookups(for example, www.example.com). This is the hostname in the URL that abrowser uses to connect to your site. If these two names don’t match, a client isnotified that the certificate name doesn’t match the site name, creating doubtabout the authenticity of your certificate. Some CAs might have differentrequirements, so it’s important to check with them.You can also enter wildcard and regular expressions in this field if you arerequesting a certificate from an internal CA. Most vendors would not approvea certificate request with a wildcard or regular expression entered for commonname.• Email Address is your business email address. This is used for correspondencebetween you and the CA.• Organization is the official, legal name of your company, educationalinstitution, partnership, and so on. Most CAs require that you verify thisinformation with legal documents (such as a copy of a business license).• Organizational Unit is an optional field that describes an organization withinyour company. This can also be used to note a less formal company name(without the Inc., Corp., and so on).• Locality is an optional field that usually describes the city, principality, orcountry for the organization.• State or Province is usually required, but can be optional for some CAs. Notethat most CAs won’t accept abbreviations, but check with them to be sure.• Country is a required, two-character abbreviation of your country name (inISO format). The country code for the United States is US.All this information is combined as a series of attribute-value pairs called thedistinguished name (DN), which uniquely identifies the subject of the certificate.If you are purchasing your certificate from a commercial CA, you must contact theCA to find out what additional information they require before they issue acertificate. Most CAs require that you prove your identity. For example, they wantto verify your company name and who is authorized by the company to administerthe server, and they might ask whether you have the legal right to use theinformation you provide.