Is that all it takes to make sure we've got the right userA? If we
create our own CA and dish out certs for our server, then we just have
to make sure the cert they have was issued by our CA. Can you configure
openssl to only permit connections based on our CA? So then from there
we can trust the subject and issuer name and serial number.
Dan
Rich Salz wrote:
I'm trying to figure out how to get a cert's unique identifier, whatever
that may be (signature?). ...
... What I want to do is match a user's login with the cert they are
using. i.e. userA has been registered to use certA (i.e. one I have
issued to them) so I want to make sure that match is there when userA
logs in.
Typically you will put userA in the DN of the cert, such as
C=US, ..., cn=userA
or you will put their email address in the subjectAltName extension.
You probably want the latter.
/r$
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List
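The check discussed in this thread, as an added example that is not part of the original messages or of OpenSSL's own code: a server accepts only client certificates that chain to a private CA, then binds the login to the email in subjectAltName, falling back to the CN. It uses Python's `ssl` module, which wraps OpenSSL; the file paths, the `registered_email` parameter and the sample certificate are assumptions constructed for illustration.

```python
import ssl

def make_server_context(ca_file, cert_file, key_file):
    """TLS server context that only accepts client certs chaining to ca_file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert_file, key_file)    # the server's own cert and key
    ctx.load_verify_locations(cafile=ca_file)   # trust our private CA and nothing else
    ctx.verify_mode = ssl.CERT_REQUIRED         # handshake fails without a valid client cert
    return ctx

def cert_identities(peercert):
    """Names asserted by a verified cert, in the dict shape of SSLSocket.getpeercert()."""
    emails = {v.lower() for k, v in peercert.get("subjectAltName", ()) if k == "email"}
    cns = {v for rdn in peercert.get("subject", ()) for k, v in rdn if k == "commonName"}
    return emails, cns

def login_matches_cert(login, registered_email, peercert):
    """True if the presented cert belongs to the account being logged in to."""
    emails, cns = cert_identities(peercert)
    if emails:
        # Prefer the email in subjectAltName when the cert carries one.
        return registered_email.lower() in emails
    # Otherwise fall back to cn=userA in the subject DN.
    return login in cns

# Constructed sample: what getpeercert() returns after a handshake that verified
# the client cert against the private CA (all values are made up).
SAMPLE_CERT = {
    "subject": ((("countryName", "US"),), (("commonName", "userA"),)),
    "issuer": ((("commonName", "Example Private CA"),),),
    "serialNumber": "0A1B2C",
    "subjectAltName": (("email", "userA@example.com"),),
}

if __name__ == "__main__":
    # On a real server: conn = ctx.wrap_socket(sock, server_side=True)
    #                   peercert = conn.getpeercert()
    print(login_matches_cert("userA", "usera@example.com", SAMPLE_CERT))
    print(login_matches_cert("userB", "userb@example.com", SAMPLE_CERT))
```

The name comparison only means something because `CERT_REQUIRED` with a single trusted CA has already rejected any certificate that CA did not issue.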