Hey Crypto guys,
I have a basic question regarding certificate validation. Basically, in
Server Authentication a TLS client should validate the CN/SN with the Host
portion of the ACS.URL. If it matches then the handshake will succeed, else it will
fail. Am I right?
e.g. 
if Host.Url=x.x.x.x then the CN (in both the subject & issuer fields) should be
x.x.x.x for a self-signed certificate.
Issuer: C=IN, ST=Karnataka, L=Bangalore, O=AN, CN=www.https.com
Subject: C=IN, ST=Karnataka, L=Bangalore, O=AN, CN=www.https.com
if Host.Url=x.x.x.x then the CN (in the subject field) should be x.x.x.x for a
CA-signed certificate
Issuer: C=IN, ST=Karnataka, L=Bangalore, O=AN, CN=Veisign
Subject: C=IN, ST=Karnataka, L=Bangalore, O=AN, CN=10.204.4.69


CN validation using self-signed certificate.
SN validation:
1) Using CA signed certificate: using Subject name as HostURL
2) Using CA signed certificate: using subAltname as HostUrl

Method for CN validation:
1) Keep the same self-signed cert at both sides (FAP & Server)
Method for SN validation:
1) Keep ROOT cert at FAP and server cert (signed cert) at Server.


Am I right, guys? Please let me know.
Best Regards,
S  S rout

-- 
View this message in context: 
http://old.nabble.com/SSL_Certificate-Validation-%28-Server-Authentication%29%3A-Please-Help-tp33873598p33873598.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
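
The name check asked about above, as an added Python example (not part of the original message and not OpenSSL's own code): it applies the strict RFC 2818 matching rules to dictionaries shaped like the output of Python's `ssl.SSLSocket.getpeercert()`. The sample certificates are constructed from the names in the post, the SAN values are invented, and some clients are more lenient than this and also accept an IP address that appears only in the CN.

```python
import ipaddress

def _ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Case-insensitive compare; '*' only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def host_matches_cert(cert, host):
    """cert is a dict shaped like ssl.SSLSocket.getpeercert() output."""
    san = cert.get("subjectAltName", ())
    want_ip = _ip(host)
    if want_ip is not None:
        # IP in the URL: only iPAddress SAN entries count (strict RFC 2818).
        return any(k == "IP Address" and _ip(v) == want_ip for k, v in san)
    dns = [v for k, v in san if k == "DNS"]
    if dns:
        # dNSName entries present: the subject CN is ignored.
        return any(_dns_match(d, host) for d in dns)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_match(cn, host) for cn in cns)

# Constructed sample certificates (names taken from the post, SAN values invented).
def _subject(cn):
    return ((("countryName", "IN"),), (("organizationName", "AN"),), (("commonName", cn),))

SELF_SIGNED = {"subject": _subject("www.https.com"), "issuer": _subject("www.https.com")}
CN_ONLY_IP = {"subject": _subject("10.204.4.69"), "issuer": _subject("Veisign")}
SAN_IP = dict(CN_ONLY_IP, subjectAltName=(("IP Address", "10.204.4.69"),))
SAN_DNS = dict(SELF_SIGNED, subjectAltName=(("DNS", "fap.example.test"),))

if __name__ == "__main__":
    for name, cert, host in [("self-signed CN", SELF_SIGNED, "www.https.com"),
                             ("CN-only IP", CN_ONLY_IP, "10.204.4.69"),
                             ("SAN IP", SAN_IP, "10.204.4.69"),
                             ("SAN DNS vs CN", SAN_DNS, "www.https.com")]:
        print(f"{name:15} {host:15} -> {host_matches_cert(cert, host)}")
```

This name check is separate from chain validation against the trusted root (or the pinned self-signed certificate); a connection should be accepted only when both pass.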
