From 93296d7217ad57e1dde69fe8594dd33896e792c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Fri, 12 Jan 2007 12:57:57 +0000 Subject: [PATCH] More about jabber and application certs in general. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19867 ec53bebd-3082-4978-b11e-865c3cabbd6b --- doc/hx509.texi | 38 +++++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/doc/hx509.texi b/doc/hx509.texi index dcbbff59e..587dc2843 100644 --- a/doc/hx509.texi +++ b/doc/hx509.texi 
@@ -402,17 +402,49 @@ that Extended Key Usage and Subect Altertive Names that is used. @node Application requirements, CMS signing and encryption, Issuing a user certificate, Top @section Application requirements +Application have different requirements on certificates. This section +tries to expand what they are and how to use hxtool to generate +certificates for those services. + @subsection HTTPS +@example +hxtool issue-certificate \ + --subject="cn=www.test.h5l.se,dc=test,dc=h5l,dc=se" \ + --type="https-server" \ + --hostname="www.test.h5l.se" \ + --hostname="www2.test.h5l.se" \ + ... +@end example + +@example +hxtool issue-certificate \ + --subject="uid=testus,dc=test,dc=h5l,dc=se" \ + --type="https-client" + ... +@end example + + @subsection Email @subsection PK-INIT @subsection XMPP/Jabber -The server certificate should have a dNSname that is the same as the -user entered into the application, not the same as the hostname of the -machine. +The jabber server certificate should have a dNSname that is the same as +the user entered into the application, not the same as the hostname of +the machine. + +@example +hxtool issue-certificate \ + --subject="cn=xmpp1.test.h5l.se,dc=test,dc=h5l,dc=se" \ + --hostname="xmpp1.test.h5l.se" \ + --hostname="test.h5l.se" \ + ... +@end example + +The certificate may also contain a jabber identifier (JID) that, if the +receiver allows it, authorises the server or client to use that JID. When storing a JID inside the certificate, both for server and client, its stored inside a UTF8String within an otherName entity inside the
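Review bot: The https-client example is missing the line-continuation backslash after `--type="https-client"`, so unlike the other two examples the trailing `...` placeholder no longer reads as part of the same command; make it `--type="https-client" \` to match the https-server and XMPP examples. In the new intro paragraph, "Application have different requirements" should be "Applications have different requirements", and "tries to expand what they are" reads better as "tries to explain what they are". The XMPP example gives no `--type` while both HTTPS examples do; either add the type the jabber certificate is meant to have or say that the default is intended. The JID paragraph says the JID "if the receiver allows it, authorises the server or client to use that JID"; it would help the reader to state what the receiver has to check before honouring a JID carried in a certificate, since that check is what stops a certificate from asserting an identity its issuer was not meant to vouch for. Also "its stored inside a UTF8String" should be "it's stored", and the sentence is cut off after "inside the", so the hunk as submitted ends mid-sentence.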