For all SSL Certificates, a domain name must be listed on the certificate. This domain name will be listed in the Certificate Signing Request (CSR) as the common name (CN).
To prevent ambiguity, the exact domain name must be specified and so a Fully Qualified Domain Name (FQDN) must be used as it represents an exact location within a Domain Name System (DNS).
An FQDN is structured in the order: [Host Name].[Domain].[Top-Level Domain].[Empty String]
.[Empty String] is actually implied on all browsers and systems so when entering the FQDN in the CSR, it should be structured in the order : [Host Name].[Domain].[Top Level Domain]
An FQDN provides the absolute path for a client to locate a host. For example, www.trustico.com allows a client or browser to locate the webserver [www] in the [trustico] domain that uses the [com] top-level domain.
Entering the root domain in the CSR can be used if you only need to secure connections to the webserver. Since a Certificate Authority will automatically assume www is needed, then a single domain SSL Certificate will automatically include www. The root domain is structured in the order [Domain].[Top-Level Domain]
The host that the client will be connecting to will always be on the far left of the FQDN. If it is a subdomain, the subdomain will continue to populate to the left of the root domain
Note : Unfortunately there is no Certificate Authority that can issue an SSL Certificate for .local hostnames.