More about jabber and application certs in general.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19867 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-01-12 12:57:57 +00:00
parent 8ee90eee7d
commit 93296d7217

View File

@@ -402,17 +402,49 @@ that Extended Key Usage and Subect Altertive Names that is used.
@node Application requirements, CMS signing and encryption, Issuing a user certificate, Top
@section Application requirements
Application have different requirements on certificates. This section
tries to expand what they are and how to use hxtool to generate
certificates for those services.
@subsection HTTPS
@example
hxtool issue-certificate \
--subject="cn=www.test.h5l.se,dc=test,dc=h5l,dc=se" \
--type="https-server" \
--hostname="www.test.h5l.se" \
--hostname="www2.test.h5l.se" \
...
@end example
@example
hxtool issue-certificate \
--subject="uid=testus,dc=test,dc=h5l,dc=se" \
--type="https-client"
...
@end example
@subsection Email
@subsection PK-INIT
@subsection XMPP/Jabber
The server certificate should have a dNSname that is the same as the
user entered into the application, not the same as the hostname of the
machine.
The jabber server certificate should have a dNSname that is the same as
the user entered into the application, not the same as the hostname of
the machine.
@example
hxtool issue-certificate \
--subject="cn=xmpp1.test.h5l.se,dc=test,dc=h5l,dc=se" \
--hostname="xmpp1.test.h5l.se" \
--hostname="test.h5l.se" \
...
@end example
The certificate may also contain a jabber identifier (JID) that, if the
receiver allows it, authorises the server or client to use that JID.
When storing a JID inside the certificate, both for server and client,
its stored inside a UTF8String within an otherName entity inside the