On 01/06/2017 16:26, l vic wrote:
> I am working with a service with TLS authn that uses the subject name to authenticate the client. Is it possible to use a list of subject names in a client certificate so that the service could authenticate several clients with the same key/certificate? If not, would it be possible to use alternative subject names for the same purpose? Can SANs only be used in the context of DNS domains, e.g. to authenticate the same subject name calling from different DNS domains?

SANs (SubjectAlternativeNames) can contain all the name types
(unlike the main Subject, which can only contain a backwards
compatible DirectoryName).

Depending on what kind of identity a server wants to identify,
good choices for user identifying SANs are:

- rfc822Name ("u...@sub.domain.tld")
- DirectoryName (CN=First Middle Last, OU=Department, O=Example company, street=SomeRoad 123, L=12345 SomeCity, ST=SomeState, C=US)

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
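
An added example, not part of the original message: one way a service could authorize a client from the rfc822Name and DirectoryName SANs mentioned in the reply, using the dict shape returned by Python's ssl.SSLSocket.getpeercert(). The allowlist, names, addresses and sample certificate are constructed assumptions.

```python
# Hypothetical allowlist; every name and address below is constructed.
ALLOWED_EMAILS = {"alice@sub.example.com", "bob@sub.example.com"}
ALLOWED_DIRNAMES = {
    (("countryName", "US"), ("organizationName", "Example company"),
     ("commonName", "Carol C. Example")),
}

def norm_email(addr):
    """Lower-case only the domain; the local part stays case-sensitive."""
    local, sep, domain = addr.rpartition("@")
    return f"{local}@{domain.lower()}" if sep and local and domain else None

def flatten_dirname(rdns):
    """A DirName arrives as a tuple of RDNs, each a tuple of (attr, value)."""
    return tuple((attr, value) for rdn in rdns for attr, value in rdn)

def matched_identities(cert):
    """Return every allowlisted identity found in the certificate's SANs.

    `cert` has the dict shape of ssl.SSLSocket.getpeercert(), which is only
    populated when the TLS layer has already validated the chain. An empty
    result means the client is rejected.
    """
    hits = []
    for kind, value in (cert or {}).get("subjectAltName", ()):
        if kind == "email" and norm_email(value) in ALLOWED_EMAILS:
            hits.append(("email", norm_email(value)))
        elif kind == "DirName" and flatten_dirname(value) in ALLOWED_DIRNAMES:
            hits.append(("DirName", flatten_dirname(value)))
        # DNS, URI, IP Address and other SAN types are not user identities here.
    return hits

# Constructed sample: one client certificate carrying several SANs.
SAMPLE_CERT = {
    "subject": ((("commonName", "shared-client"),),),
    "subjectAltName": (
        ("email", "alice@SUB.example.com"),
        ("DNS", "host.example.com"),
        ("DirName", ((("countryName", "US"),),
                     (("organizationName", "Example company"),),
                     (("commonName", "Carol C. Example"),))),
    ),
}

if __name__ == "__main__":
    for identity in matched_identities(SAMPLE_CERT):
        print(identity)
```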