Re: CSR with multiple subject names?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/06/2017 16:26, l vic wrote:
I am working with service with TLS authn that uses subject name to authenticate client. Is it possible to use list of subject names in client certificate so that service could authenticate several clients with the same key/certificate? If not, would it be possible to use alternative subject names for the same purpose? Can SANs only used in the context of DNS domains, eg to authenticate the same subject name calling from different DNS domains?
SANs (SubjectAlternativeNames) can contain all the name types
(unlike the main Subject, which can only contain a backwards
compatible DirectoryName).

Depending on what kind of identity a server wants to identify,
good choices for user identifying SANs are:

 - rfc822Name ("user@xxxxxxxxxxxxxx")
- DirectoryName (CN=First Middle Last, OU=Department, O=Example company, street=SomeRoad 123, L=12345 SomeCity, ST=SomeState, C=US)

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux