[openssl-users] CSR with multiple subject names?
Jakob Bohm
jb-openssl at wisemo.com
Fri Jun 2 03:07:32 UTC 2017
On 01/06/2017 16:26, l vic wrote:
> I am working with a service with TLS authn that uses the subject name to
> authenticate the client.
> Is it possible to use a list of subject names in a client certificate so
> that the service could authenticate several clients with the same
> key/certificate? If not, would it be possible to use alternative
> subject names for the same purpose? Can SANs only be used in the context
> of DNS domains, e.g. to authenticate the same subject name calling from
> different DNS domains?

SANs (SubjectAlternativeNames) can contain all the name types
(unlike the main Subject, which can only contain a backwards
compatible DirectoryName).

Depending on what kind of identity a server wants to identify,
good choices for user identifying SANs are:

- rfc822Name ("user@sub.domain.tld")
- DirectoryName (CN=First Middle Last, OU=Department, O=Example company,
  street=SomeRoad 123, L=12345 SomeCity, ST=SomeState, C=US)

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
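
As an added example (not part of the original post, and not taken from the OpenSSL project), these shell functions build a client CSR whose subjectAltName carries both SAN types named in the reply, rfc822Name and DirectoryName, and read them back from the request. All names, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: CSR with several identities in subjectAltName.
# Every name and address below is a constructed sample value.

make_client_csr() {
    # $1 = output directory; writes client.cnf, client.key and client.csr
    dir=$1
    cat > "$dir/client.cnf" <<'EOF'
[ req ]
prompt             = no
distinguished_name = subject_dn
req_extensions     = client_ext

[ subject_dn ]
CN = Example Client
O  = Example company
C  = US

[ client_ext ]
subjectAltName = @alt_names

[ alt_names ]
# rfc822Name entries (OpenSSL calls this type "email")
email.1   = user@sub.domain.tld
email.2   = other.user@sub.domain.tld
# DirectoryName entry; the value names the section holding the DN
dirName.1 = alt_dn

[ alt_dn ]
CN = First Middle Last
OU = Department
O  = Example company
C  = US
EOF
    # -nodes leaves the private key unencrypted; protect the file in real use
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$dir/client.cnf" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
}

show_csr_sans() {
    # $1 = CSR file; prints the line listing the requested SANs
    openssl req -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1
}

# Usage: make_client_csr . && show_csr_sans ./client.csr
```

The SANs reach the issued certificate only if the CA copies or sets the extension when signing (for `openssl ca`, the `copy_extensions` option), so check the certificate itself and not just the request. Whether the service matches on SAN entries rather than the Subject depends on that service's configuration.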