[openssl-users] Is it possible to add a Client Hostname to an SSL Client Certificate?

Alexandre Arantes ajarantes at yahoo.ca
Wed Apr 29 19:05:01 UTC 2015


Hello,
I recently implemented a secured communication between two sites in which one acts as the server and the other as the client. To accomplish this, I used openssl to generate self-signed CA, Server and Client certificates (the calls are made using cURL).
It all works beautifully and, testing my "proof-of-concept" has shown that if one of the pieces is missing from the equation (CA, Server, Client certificates), the communication ceases.
But once I showed my work to people in my company, one of them asked me why did I choose not to add the client hostname to the Client Certificate, thus making it usable only by that specific client.
And so I started searching online for ways to do it, but found nothing. I also looked into the openssl site and documentation and found nothing there either. The truth is that I don't even know if this is possible or even if this is the right question to ask. 
But can it be done? And if so, could you show me how, or where should I go to get more information on how to accomplish this?
If you need more information on how I setup this communication, please let me know and I will be glad to share it here.
Thanks,Alex
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150429/53e1da53/attachment.html>


More information about the openssl-users mailing list