add Application requirements and write about xmpp/jabber.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19865 ec53bebd-3082-4978-b11e-865c3cabbd6b
		@@ -238,11 +238,12 @@ Setting up a CA
 | 
				
			|||||||
@c * Issuing certificates::
 | 
					@c * Issuing certificates::
 | 
				
			||||||
* Creating a CA certificate::
 | 
					* Creating a CA certificate::
 | 
				
			||||||
* Issuing a server certificate::
 | 
					* Issuing a server certificate::
 | 
				
			||||||
@c * Issuing a user certificate::
 | 
					* Issuing a user certificate::
 | 
				
			||||||
@c * Issuing a proxy certificate::
 | 
					@c * Issuing a proxy certificate::
 | 
				
			||||||
@c * Creating a user certificate::
 | 
					@c * Creating a user certificate::
 | 
				
			||||||
@c * Validating a certifiate::
 | 
					@c * Validating a certifiate::
 | 
				
			||||||
@c * Validating a certifiate path::
 | 
					@c * Validating a certifiate path::
 | 
				
			||||||
 | 
					* Application requirements::
 | 
				
			||||||
 | 
					
 | 
				
			||||||
CMS signing and encryption
 | 
					CMS signing and encryption
 | 
				
			||||||
 | 
					
 | 
				
			||||||
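Review bot: `* Application requirements::` is added at the bottom of the listing, below the commented-out `Validating a certifiate` entries, while the node it names is chained directly after `Issuing a user certificate` and before `CMS signing and encryption` in the last hunk. Moving the entry up to follow `* Issuing a user certificate::` keeps the menu order equal to the node order, which will matter once the commented entries are enabled. While this block is being edited, the two commented entries that spell "certifiate" could be corrected as well.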
@@ -366,7 +367,7 @@ hxtool issue-certificate \
 | 
				
			|||||||
    --certificate="FILE:ca.pem"
 | 
					    --certificate="FILE:ca.pem"
 | 
				
			||||||
@end example
 | 
					@end example
 | 
				
			||||||
 | 
					
 | 
				
			||||||
@node Issuing a server certificate, CMS signing and encryption, Creating a CA certificate, Top
 | 
					@node Issuing a server certificate, Issuing a user certificate, Creating a CA certificate, Top
 | 
				
			||||||
@section Issuing a server certificate
 | 
					@section Issuing a server certificate
 | 
				
			||||||
 | 
					
 | 
				
			||||||
The first component should be a CN, and should contain the name of the
 | 
					The first component should be a CN, and should contain the name of the
 | 
				
			||||||
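Review bot: the rewritten `@node Issuing a server certificate` line updates the Next pointer but keeps `Top` as the Up pointer, although this is a `@section` that the detailed menu lists under "Setting up a CA". For a section node the Up pointer would normally be the chapter's node, and the nodes added in the next hunk copy the same pattern. Consider pointing Up at the chapter node, or dropping the explicit pointers so makeinfo derives them from the sectioning commands.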
@@ -392,8 +393,46 @@ hxtool issue-certificate \
 | 
				
			|||||||
    --certificate="FILE:cert-ee.pem"
 | 
					    --certificate="FILE:cert-ee.pem"
 | 
				
			||||||
@end example
 | 
					@end example
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					@node Issuing a user certificate, Application requirements, Issuing a server certificate, Top
 | 
				
			||||||
 | 
					@section Issuing a user certificate
 | 
				
			||||||
 | 
					
 | 
				
			||||||
@node CMS signing and encryption, CMS background, Issuing a server certificate, Top
 | 
					To issue a certificate to a user is usually quite simpler in terms of
 | 
				
			||||||
 | 
					that Extended Key Usage and Subect Altertive Names that is used.
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					@node Application requirements, CMS signing and encryption, Issuing a user certificate, Top
 | 
				
			||||||
 | 
					@section Application requirements
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					@subsection HTTPS
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					@subsection Email
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					@subsection PK-INIT
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					@subsection XMPP/Jabber
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					The server certificate should have a dNSname that is the same as the
 | 
				
			||||||
 | 
					user entered into the application, not the same as the hostname of the
 | 
				
			||||||
 | 
					machine.
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					When storing a JID inside the certificate, both for server and client,
 | 
				
			||||||
 | 
					its stored inside a UTF8String within an otherName entity inside the
 | 
				
			||||||
 | 
					subjectAltName, using the OID id-on-xmppAddr (1.3.6.1.5.5.7.8.5).
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					To read more about the requirements, see RFC3920, Extensible Messaging
 | 
				
			||||||
 | 
					and Presence Protocol (XMPP): Core.
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					hxtool issue-certificate have support to add jid to the certificate
 | 
				
			||||||
 | 
					using the option --jid.
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					@example
 | 
				
			||||||
 | 
					hxtool issue-certificate \
 | 
				
			||||||
 | 
						  --subject="cn=Love,dc=test,dc=h5l,dc=se" \
 | 
				
			||||||
 | 
					          --jid="lha@@test.h5l.se" \
 | 
				
			||||||
 | 
					          ...
 | 
				
			||||||
 | 
					@end example
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					@node CMS signing and encryption, CMS background, Application requirements, Top
 | 
				
			||||||
@chapter CMS signing and encryption
 | 
					@chapter CMS signing and encryption
 | 
				
			||||||
 | 
					
 | 
				
			||||||
CMS is the Cryptographic Message System that among other, is used by
 | 
					CMS is the Cryptographic Message System that among other, is used by
 | 
				
			||||||
 
 | 
				
			|||||||
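Review bot: `@subsection HTTPS`, `@subsection Email` and `@subsection PK-INIT` are added as bare headings with no text, so the built manual will show three empty subsections under "Application requirements"; either write them or keep them behind `@c` until there is content, as the menu already does for unwritten nodes. The "Issuing a user certificate" section is a single sentence with no `hxtool issue-certificate` example, unlike the server section before it. The new wording needs a pass: "Subect Altertive Names" should be "Subject Alternative Names", "its stored" should be "it is stored", "have support" should be "has support", and "the same as the user entered" is missing a noun (the name the user entered). In the `@example`, the `--subject` line is indented with a tab where the `--jid` line uses spaces, so the two continuation lines will not align in the output.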