Alexandre Arantes wrote:
> one of them asked me why did I choose not to add the client hostname to the
> Client Certificate, thus making it usable only by that specific client.

There are no standardized naming rules for client certs like the TLS server
hostname check implemented at the client
Hello,
I recently implemented a secured communication between two sites in which one
acts as the server and the other as the client. To accomplish this, I used
openssl to generate self-signed CA, Server and Client certificates (the calls
are made using cURL).
It all works beautifully and,
But once I showed my work to people in my company, one of them asked me why
did I choose not to add the client hostname to the Client Certificate, thus
making it usable only by that specific client.
You put to put the client name or ipaddr in the subjectAltName extension field.
Then you'd
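
One way a server could enforce a binding between a client certificate's subjectAltName and the connecting host, as an added example that is not part of the thread. It assumes the certificate is in the dict form returned by Python's `ssl.SSLSocket.getpeercert()` after chain verification; the function names and the sample certificate are hypothetical.

```python
import ipaddress

def san_entries(cert):
    """Split the subjectAltName of a getpeercert() dict into DNS names and IPs."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        value = value.strip()
        if kind == "DNS":
            dns.append(value.lower().rstrip("."))
        elif kind == "IP Address":
            try:
                ips.append(ipaddress.ip_address(value))
            except ValueError:
                continue  # a malformed entry never matches anything
    return dns, ips

def client_cert_matches_peer(cert, peer_ip, peer_name=None):
    """Return True only if the verified client cert names the connecting peer.

    cert      -- dict from ssl.SSLSocket.getpeercert(); {} or None means no usable cert
    peer_ip   -- source address of the connection, e.g. sock.getpeername()[0]
    peer_name -- optional hostname for the peer, obtained from a source the
                 server itself trusts (assumption: not supplied by the client)
    """
    if not cert:
        return False
    dns, ips = san_entries(cert)
    ip = ipaddress.ip_address(peer_ip)
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip in ips:
        return True
    if peer_name is not None:
        # Exact comparison only: no wildcard handling for client names
        return peer_name.lower().rstrip(".") in dns
    return False

# Constructed sample in getpeercert() layout, not taken from the thread
SAMPLE_CERT = {
    "subject": ((("commonName", "client-a"),),),
    "subjectAltName": (
        ("DNS", "client-a.example.internal"),
        ("IP Address", "192.0.2.10"),
    ),
}
```

The check only means something after the certificate chain has been verified against the CA, and an IP-based match stops working if the client sits behind NAT or a proxy.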