The subject distinguished name or subject DN of an X.509 certificate consists of several Relative Distinguished Names (RDNs) and therefore can be quite tiresome to write as in
"C=DE, ST=Mecklenburg-Vorpommern, L=Rostock, O=Finanzamt, OU=Zentrale Informations- und Annahmestelle, CN=steuerportal-mv.de, [email protected]" Therefore often one or several subjectAlternativeNames or Aliases are added as X.509v3 extensions to a certificate, like e.g. DNS:moon.strongswan.org email:[email protected] IP:11.22.33.44 (given in openssl.cnf notation) which saves a lot of typing work and helps to eliminate errors. Regards Andreas On 09/25/2011 02:58 PM, nima chavooshi wrote: > > Hi > Thanks a lot for your quick reply. > Excuse me for my dummy question.I am some confused. > May you give me more explanation about "subject distinguished name", > "subjectAltName", "subject DN" field on X509 certification? > According to your told, I should define lefid at least, is that true ? > > Thanks in advance for any help or guidance > > On Sun, Sep 25, 2011 at 2:16 PM, Andreas Steffen > <[email protected] <mailto:[email protected]>> > wrote: > > Hello, > > left|rightid *must* be either the subject distinguished name or > a subjectAltName extension contained in the certificate. If you > don't define leftid or if leftid is not defined in the certificate > then automatically the subject DN is assumed as a default. > > As a responder you can define rightid=%any, in that case any > peer with a trusted and non-revoked certificate will be accepted. > > Regards > > Andreas -- ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
