Pivotal Cloud Foundry® (PCF)
The purpose of this article is to help you check the domain and subject alt names listed on the SSL/TLS certificate for your PCF installation.
Checking Cert Info
openssl req -in your.csr -noout -text
openssl s_client -connect api.system.10.x.x.x:443
openssl s_client -connect api.system.yourdomain.com:443 -state -debug >ssl-debug.txt
echo -n | openssl s_client -connect "api.systemDomain.example.com:443" | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -text | grep "DNS:"
You will see something like the following in the output.
Internally Signed Certs/Self-Signed Certs: If your environment is not publicly facing, you can use self-signed certs and configure your private browsers to accept your own certificates as trusted. A self-signed CA is not publicly trusted, but all of the company's computers / networks are configured to trust it. This is a common situation for large companies.
Publicly Signed Certs: If you are serving public internet traffic, you should use publicly signed certs generated using a CA (Certification Authority), as this will prevent browsers from generating certificate errors when accessing your apps. A CA issues digital certificates that are trusted by default in browsers, so when accessing your apps, users will not get any SSL/certificate errors.
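The grep "DNS:" command under Checking Cert Info only lists the subject alt names; the script below is an added example, not part of the original article or of PCF tooling, that checks whether a given hostname is actually covered by those entries, including the rule that a wildcard stands for exactly one label. The function names (san_names, san_match, san_covers), the sample certificate text and the example.com hostnames are assumptions constructed for illustration.

```sh
# Added example. SAMPLE_CERT_TEXT is constructed; the hostnames are placeholders.
SAMPLE_CERT_TEXT='            X509v3 Subject Alternative Name:
                DNS:*.system.example.com, DNS:*.apps.example.com, DNS:*.login.system.example.com'

# Read `openssl x509 -text` output on stdin; print one lower-cased DNS SAN per line.
san_names() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' | tr 'A-Z' 'a-z'
}

# Return 0 if hostname $1 matches SAN entry $2. A wildcard is honoured only as
# the entire left-most label, and it stands for exactly one label.
san_match() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    pat=$2
    case "$pat" in
        \*.*)
            suffix=${pat#\*}                  # e.g. ".system.example.com"
            case "$host" in
                *"$suffix") label=${host%"$suffix"} ;;
                *) return 1 ;;
            esac
            case "$label" in
                ''|*.*) return 1 ;;           # empty, or spans more than one label
                *) return 0 ;;
            esac ;;
        *) [ "$host" = "$pat" ] ;;
    esac
}

# Read certificate text on stdin; print the SAN entry that covers hostname $1,
# or return 1 when none does (the case that shows up as a certificate error).
san_covers() {
    want=$1
    names=$(san_names)
    while IFS= read -r name; do
        if san_match "$want" "$name"; then printf '%s\n' "$name"; return 0; fi
    done <<EOF
$names
EOF
    return 1
}

for h in api.system.example.com login.system.example.com x.uaa.system.example.com; do
    if m=$(printf '%s\n' "$SAMPLE_CERT_TEXT" | san_covers "$h"); then
        echo "$h: covered by $m"
    else
        echo "$h: NOT covered"
    fi
done
```

To run it against a live endpoint, replace the final grep "DNS:" in the last command under Checking Cert Info with san_covers followed by the hostname you want to verify.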
Please refer to the following links for more information on Configuring Certificates in PCF.