[jdev] subjectAltName in X.509 certificate
Vinod Panicker
vinod.p at gmail.com
Tue Dec 20 02:46:24 CST 2005
Hi,
Was looking at creating an X.509 certificate for the server, and was
reading the requirements in the RFC. There are two places where
requirements are stated in RFC 3920 -
The certificate SHOULD then be checked against the expected
identity of the peer following the rules described in [HTTP-TLS],
except that a subjectAltName extension of type "xmpp" MUST be
used as the identity if present
and
If a JID for any kind of XMPP entity (e.g.,
client or server) is represented in a certificate, it MUST be
represented as a UTF8String within an otherName entity inside the
subjectAltName, using the [ASN.1] Object Identifier
"id-on-xmppAddr" specified in Section 5.1.1 of this document.
So if I'm generating a cert for the server, then I need to specify the
domain that the server is serving, which is also a valid jid. So does
that mean that I have to go according to the second para?
What the first para says isn't making sense to me. AFAIK, there is no
"xmpp" extension for subjectAltName (did it mean to say otherName
entity? If so, what about the OID?)
Regards,
Vinod.
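As an added illustration (not part of the post above, nor code from the RFC or any XMPP project): the otherName form of subjectAltName that the second quoted paragraph requires, built and parsed at the DER level with only the Python standard library. The OID it uses is id-on-xmppAddr = 1.3.6.1.5.5.7.8.5 as defined in RFC 3920 section 5.1.1; the identity example.com and the JID in the usage line are assumed sample values. The parser also applies the rule from the first quoted paragraph, preferring an xmppAddr entry over dNSName entries when one is present (the fallback here is to dNSName only, a simplification of the HTTP-TLS rules).

```python
"""Encode and decode the XMPP otherName form of subjectAltName (RFC 3920 s.5.1.1).

Added example using only the standard library. It builds the DER value of the
subjectAltName extension (not a whole certificate) so the structure the RFC
describes can be inspected byte for byte.
"""

# id-on-xmppAddr ::= { id-pkix 8 5 } = 1.3.6.1.5.5.7.8.5 (RFC 3920 section 5.1.1)
ID_ON_XMPP_ADDR = "1.3.6.1.5.5.7.8.5"

# Assumed sample identity for the demonstration (not taken from the post).
SAMPLE_DOMAIN = "example.com"


def der_length(n: int) -> bytes:
    """DER length field: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + der_length(len(content)) + content


def encode_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER TLV from dotted notation (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der_tlv(0x06, bytes(out))


def xmpp_addr_general_name(jid: str) -> bytes:
    """GeneralName.otherName [0] IMPLICIT OtherName {
           type-id  OBJECT IDENTIFIER   -- id-on-xmppAddr
           value    [0] EXPLICIT ANY    -- here a UTF8String holding the JID }"""
    utf8 = der_tlv(0x0C, jid.encode("utf-8"))                    # UTF8String
    value = der_tlv(0xA0, utf8)                                   # [0] EXPLICIT wrapper
    return der_tlv(0xA0, encode_oid(ID_ON_XMPP_ADDR) + value)     # otherName [0]


def dns_general_name(host: str) -> bytes:
    """GeneralName.dNSName [2] IMPLICIT IA5String."""
    return der_tlv(0x82, host.encode("ascii"))


def subject_alt_name(general_names) -> bytes:
    """SubjectAltName ::= GeneralNames ::= SEQUENCE OF GeneralName."""
    return der_tlv(0x30, b"".join(general_names))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, position after the element) for the TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], end


def parse_subject_alt_name(der: bytes):
    """Return a list of (kind, value) for each GeneralName in the extension."""
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("subjectAltName is not a single SEQUENCE")
    names, pos = [], 0
    while pos < len(seq):
        tag, content, pos = _read_tlv(seq, pos)
        if tag == 0xA0:                                           # otherName
            oid_tag, oid, p = _read_tlv(content, 0)
            val_tag, wrapped, p2 = _read_tlv(content, p)
            if oid_tag != 0x06 or val_tag != 0xA0 or p2 != len(content):
                raise ValueError("malformed OtherName")
            if der_tlv(0x06, oid) == encode_oid(ID_ON_XMPP_ADDR):
                inner_tag, inner, _ = _read_tlv(wrapped, 0)
                if inner_tag != 0x0C:                             # RFC: MUST be UTF8String
                    raise ValueError("xmppAddr value is not a UTF8String")
                names.append(("xmppAddr", inner.decode("utf-8")))
            else:
                names.append(("otherName", oid))                  # some other OID, kept raw
        elif tag == 0x82:                                         # dNSName
            names.append(("dNSName", content.decode("ascii")))
        else:
            names.append(("other", content))
    return names


def xmpp_identities(der: bytes):
    """If any xmppAddr entry is present it is the identity to check against;
    only otherwise fall back to dNSName entries (simplified HTTP-TLS rule)."""
    names = parse_subject_alt_name(der)
    xmpp = [v for k, v in names if k == "xmppAddr"]
    return xmpp if xmpp else [v for k, v in names if k == "dNSName"]


if __name__ == "__main__":
    san = subject_alt_name([dns_general_name(SAMPLE_DOMAIN),
                            xmpp_addr_general_name(SAMPLE_DOMAIN)])
    print(san.hex())
    print(parse_subject_alt_name(san))
    print(xmpp_identities(san))
```

The hex printed for the otherName entry starts with a0 19 06 08 2b 06 01 05 05 07 08 05 a0 0d 0c 0b: the [0] CHOICE tag, the id-on-xmppAddr OID, the explicit [0] wrapper and finally the UTF8String tag 0x0c, which is the part the RFC's "MUST be represented as a UTF8String" clause is about.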