Mark Young wrote:
Well, I understand that X509 certificates have a "Subject" field, but I
wasn't sure how you were suggesting I make use of that. Are you saying
that I should use the X509SubjectName element provided by the xmldsig
specification, and that xmlsec will match the contents of
X509SubjectName with the contents of the Subject field of one of the
certificates in the Keys Manager?
Correct. The "subject" (generally speaking) is a way to
uniquely identify a certificate issued by a given CA. Same is
true for "issuer name" + "serial number" combination.
Either of the two ("subject" or "issuer name" + "serial number")
can be used to lookup a certificate in the keys manager.
Best,
Aleksey
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
