Yes, you can use the PI server hostname as commonName. commonName is the web address which will be accessed for secure connection. If you are creating and using this certificate on PI server, you should use PI hostname.
For you, if you just want secure connection, only server must have his certificate. Client has to import CA (certification authority) to trust server certificate.
I think, you just nedd to import CA, they are include in sever certificate, it also can be server certificate himself (in case autosigned certificate)
When PI is the client : No need to generate key, just import CA server (CA server = Root, and intermediate)
When PI is the server : You need to generate both (public and private). Give public certificate to partner (they use them to crypt data), keep the private one (you use it to uncrypt data). And yes, you have to main both key.
I understand that you use SSL one way. I'm agree, no need to exchange certificate for authentication. but certificate contain some tools to crypt flow.
To trust PI server, client need to have PI server CA certificate in client truststore and the easiest way is to import Public PI server certificate, in public certificate you can export root and intermediate certificate.
At runtime, when client try to established connection, PI server send Public key, client chek if CA can be trust or not (trusted if CA exist into trust store), if yes, they use tool into certificate to crypt the flow
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.