Hello,
I'm trying to upgrade my project to the certification environment. I have a question regarding the field "Common name" while generating the CSR files for two-way SSL and MLE. I understand that the common name should be a fully qualified domain name, but what exactly should this represent? Should anything be hosted on this domain name or is this just used as an identifier and I can just put some placeholder domain name that doesn't correspond to anything?
Hi @velkavrhn, Thank you for reaching out. An agent will get back to you as soon as possible. Until then, if any community member has information that may be helpful, feel free to reply in this thread.
Hey @velkavrhn,
Understanding the Common Name in CSR for Two-Way SSL and MLE
When generating Certificate Signing Requests (CSRs) for Two-Way SSL and Message Level Encryption (MLE) in the Visa Developer Portal, the "Common Name" (CN) field is an important component. Here’s what you need to know about the Common Name:
What is the Common Name?
The Common Name (CN) in the CSR is typically a fully qualified domain name (FQDN) that uniquely identifies your server or service. It is used by the Certificate Authority (CA) to issue the certificate and by clients to verify the identity of the server during the SSL/TLS handshake.
What Should the Common Name Represent?
- Fully Qualified Domain Name (FQDN): The CN should be a fully qualified domain name (e.g., `api.yourdomain.com`).
- Identifier: The CN acts as an identifier for your service or server, ensuring that the certificate is issued to the correct entity.
Does the Domain Need to be Hosted?
- No Hosting Required: The domain name used in the CN does not necessarily need to be hosted or resolve to an actual server. It is used primarily as an identifier for the certificate and during the SSL/TLS handshake process.
- Placeholder Domain: You can use a placeholder domain name that does not correspond to a real, hosted domain. However, it is generally good practice to use a domain name that you control or plan to use in the future.
Steps for Generating CSR with Common Name
Example: Generating a CSR using OpenSSL
1. Generate a Private Key:
```sh
openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048
```
2. Generate the CSR:
```sh
openssl req -new -key private.key -out request.csr
```
3. Provide CSR Details:
When prompted for the Common Name, enter your fully qualified domain name or a placeholder domain name:
```plaintext
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:San Francisco
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company Name
Organizational Unit Name (eg, section) []:IT Department
Common Name (e.g. server FQDN or YOUR name) []:api.yourdomain.com
Email Address []:your.email@yourdomain.com
```
Summary
- Common Name (CN) should be a fully qualified domain name (FQDN).
- The domain used in the CN does not need to be hosted or resolve to an actual server.
- The CN serves as an identifier for the certificate and during the SSL/TLS handshake.
- You can use a placeholder domain name, but it is best to use a domain you control or plan to use.
By following these guidelines, you can correctly generate CSRs for Two-Way SSL and MLE in the Visa Developer Portal.
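The steps in the answer above, as an added example that is not part of the original reply: a non-interactive version that sets the Common Name with `-subj` and then checks, before upload, that the CSR carries the intended CN and the public key of the private key you kept. The function names are hypothetical, and the subject values are the sample values from the prompt transcript in the answer.

```shell
#!/bin/sh
# Added example: generate key + CSR without prompts, then verify the CSR.
# Subject fields below are the sample values from the answer's transcript.

# make_csr DIR CN: writes DIR/private.key and DIR/request.csr
make_csr() {
    dir=$1 cn=$2
    (
        umask 077   # private key readable by its owner only
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$dir/private.key" 2>/dev/null
    ) || return 1
    openssl req -new -key "$dir/private.key" -out "$dir/request.csr" \
        -subj "/C=US/ST=California/L=San Francisco/O=Your Company Name/OU=IT Department/CN=$cn"
}

# csr_cn CSR: prints the Common Name stored in the CSR subject
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# csr_matches_key CSR KEY: succeeds only if the CSR carries KEY's public key
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# check_csr DIR CN: run both checks on the files make_csr produced
check_csr() {
    [ "$(csr_cn "$1/request.csr")" = "$2" ] ||
        { echo "CN in CSR does not match $2" >&2; return 1; }
    csr_matches_key "$1/request.csr" "$1/private.key" ||
        { echo "CSR was not made from this private key" >&2; return 1; }
    echo "CSR OK: CN=$2"
}

# Usage: make_csr . api.yourdomain.com && check_csr . api.yourdomain.com
```

The key-match check catches the common mistake of uploading a CSR generated from a different key than the one deployed with the issued certificate.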