ADCS - CN equals

k3vmo
Contributor II

Our machine certificates are formatted by hostname.domain.com

Within the certificate payload, should I use CN=$COMPUTERNAME.domain.com or CN=$HOSTNAME.domain.com? 

I was hoping I could do it by DNS name only  - but the Certificate payload requires a subject.

 

Screen Shot 2023-04-24 at 3.46.10 PM.png

 

keychain.png

3 REPLIES 3

sdagley
Esteemed Contributor II

@k3vmo We use user certificates instead of device certs, so I can't answer this from direct experience, but I don't see $HOSTNAME as a valid variable for a Jamf Pro Configuration Profile (in https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Computer_Configuration_Profiles.ht...). Since $HOSTNAME should be equivalent to $COMPUTERNAME.comain.com I would recommend going with CN=$COMPUTERNAME.domain.com

BL-ay
New Contributor II

We use computer certificates but with the serial number as UPN. For other extensions I used $COMPUTERNAME as Hostname.

mm2270
Legendary Contributor III

What @sdagley said. Use CN=$COMPUTERNAME.domain.com That should work.