More about jabber and application certs in general.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19867 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -402,17 +402,49 @@ that Extended Key Usage and Subect Altertive Names that is used.
@node Application requirements, CMS signing and encryption, Issuing a user certificate, Top
@section Application requirements
Application have different requirements on certificates. This section
tries to expand what they are and how to use hxtool to generate
certificates for those services.
@subsection HTTPS
@example
hxtool issue-certificate \
--subject="cn=www.test.h5l.se,dc=test,dc=h5l,dc=se" \
--type="https-server" \
--hostname="www.test.h5l.se" \
--hostname="www2.test.h5l.se" \
...
@end example
@example
hxtool issue-certificate \
--subject="uid=testus,dc=test,dc=h5l,dc=se" \
--type="https-client"
...
@end example
@subsection Email
@subsection PK-INIT
@subsection XMPP/Jabber
The server certificate should have a dNSname that is the same as the
user entered into the application, not the same as the hostname of the
machine.
The jabber server certificate should have a dNSname that is the same as
the user entered into the application, not the same as the hostname of
the machine.
@example
hxtool issue-certificate \
--subject="cn=xmpp1.test.h5l.se,dc=test,dc=h5l,dc=se" \
--hostname="xmpp1.test.h5l.se" \
--hostname="test.h5l.se" \
...
@end example
The certificate may also contain a jabber identifier (JID) that, if the
receiver allows it, authorises the server or client to use that JID.
When storing a JID inside the certificate, both for server and client,
its stored inside a UTF8String within an otherName entity inside the
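Review bot: The XMPP/Jabber example passes both --hostname="xmpp1.test.h5l.se" and --hostname="test.h5l.se", while the paragraph before it says the dNSName must be what the user entered into the application and not the hostname of the machine; add a sentence saying which of the two entries a client is expected to match and why the machine name is listed as well, so readers do not issue a certificate that only names the host. The same example has no --type option, unlike the two HTTPS examples, so state whether that omission is intentional. The Email and PK-INIT subsections are empty headings; fill them in or mark them as not yet written. Wording: "Application have" should read "Applications have", and "its stored" should read "it is stored".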