add Application requirements and write about xmpp/jabber.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19865 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -238,11 +238,12 @@ Setting up a CA
|
||||
@c * Issuing certificates::
|
||||
* Creating a CA certificate::
|
||||
* Issuing a server certificate::
|
||||
@c * Issuing a user certificate::
|
||||
* Issuing a user certificate::
|
||||
@c * Issuing a proxy certificate::
|
||||
@c * Creating a user certificate::
|
||||
@c * Validating a certifiate::
|
||||
@c * Validating a certifiate path::
|
||||
* Application requirements::
|
||||
|
||||
CMS signing and encryption
|
||||
|
||||
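Review bot: the commented-out entries at the end of this menu still read "Validating a certifiate" and "Validating a certifiate path"; since the menu is being edited here, correct them to "certificate" so the node names are right when the entries are enabled. The menu order (server certificate, user certificate, Application requirements, CMS signing and encryption) should also be checked against the @node next/previous pointers changed further down so makeinfo does not warn about mismatched links.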
@@ -366,7 +367,7 @@ hxtool issue-certificate \
|
||||
--certificate="FILE:ca.pem"
|
||||
@end example
|
||||
|
||||
@node Issuing a server certificate, CMS signing and encryption, Creating a CA certificate, Top
|
||||
@node Issuing a server certificate, Issuing a user certificate, Creating a CA certificate, Top
|
||||
@section Issuing a server certificate
|
||||
|
||||
The first component should be a CN, and should contain the name of the
|
||||
@@ -392,8 +393,46 @@ hxtool issue-certificate \
|
||||
--certificate="FILE:cert-ee.pem"
|
||||
@end example
|
||||
|
||||
@node Issuing a user certificate, Application requirements, Issuing a server certificate, Top
|
||||
@section Issuing a user certificate
|
||||
|
||||
@node CMS signing and encryption, CMS background, Issuing a server certificate, Top
|
||||
To issue a certificate to a user is usually quite simpler in terms of
|
||||
that Extended Key Usage and Subect Altertive Names that is used.
|
||||
|
||||
@node Application requirements, CMS signing and encryption, Issuing a user certificate, Top
|
||||
@section Application requirements
|
||||
|
||||
@subsection HTTPS
|
||||
|
||||
@subsection Email
|
||||
|
||||
@subsection PK-INIT
|
||||
|
||||
@subsection XMPP/Jabber
|
||||
|
||||
The server certificate should have a dNSname that is the same as the
|
||||
user entered into the application, not the same as the hostname of the
|
||||
machine.
|
||||
|
||||
When storing a JID inside the certificate, both for server and client,
|
||||
its stored inside a UTF8String within an otherName entity inside the
|
||||
subjectAltName, using the OID id-on-xmppAddr (1.3.6.1.5.5.7.8.5).
|
||||
|
||||
To read more about the requirements, see RFC3920, Extensible Messaging
|
||||
and Presence Protocol (XMPP): Core.
|
||||
|
||||
hxtool issue-certificate have support to add jid to the certificate
|
||||
using the option --jid.
|
||||
|
||||
@example
|
||||
hxtool issue-certificate \
|
||||
--subject="cn=Love,dc=test,dc=h5l,dc=se" \
|
||||
--jid="lha@@test.h5l.se" \
|
||||
...
|
||||
@end example
|
||||
|
||||
|
||||
@node CMS signing and encryption, CMS background, Application requirements, Top
|
||||
@chapter CMS signing and encryption
|
||||
|
||||
CMS is the Cryptographic Message System that among other, is used by
|
||||
|
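Review bot: the new "Issuing a user certificate" paragraph has spelling and grammar errors ("Subect Altertive Names", "quite simpler in terms of that ... that is used") and, unlike the server section, gives no hxtool example; suggest wording such as "Issuing a certificate to a user is usually simpler in terms of the Extended Key Usage and Subject Alternative Names used." In the XMPP/Jabber subsection, "the same as the user entered" is missing its noun (for example "the same as the name the user entered"), "its stored" should be "it is stored", and "hxtool issue-certificate have support" should be "has support". The HTTPS, Email and PK-INIT subsections are added as empty headings; either add their requirements or hold them back until there is text, since an empty section in a PKI manual reads as "no requirements".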