What CN should I use when issuing a test certificate for a service?

There are three types of names you'll commonly see:

  1. fully qualified domain names
  2. machine names (netbios)
  3. localhost

These names are what work when connecting at internet, intranet, and local machine scales, respectively. The one most commonly gotten wrong is for localhost, possibly because you see it so often for test certificates but never use it elsewhere. Check your spelling of localhost and make sure there are no spaces, quotation marks, port numbers, or URIs in the name if you are getting an error validating the certificate. Also, make sure that you aren't trying to access a service with a certificate issued to localhost from a different machine.

Next time: Deriving from Bindings