
Re: Verifying 'CN' in client certificates using TLS

--On Tuesday, 5 February 2002 16:20 +0000 Steve Powers <sgp@pani.cx> wrote:

However, the 'CN' value of my client certificate is completely ignored,
as I can install the same certificates across several clients (machines in
this case) and they will work. I'm therefore deducing that provided the
client certs have been signed by my trusted CA (my own in this case) the
'CN' value is unimportant?

Is there a way to enforce 'CN' checking against a directory entry which
details DNS hostname, or even better IP address, in OpenLDAP?

Which version of OpenLDAP are you using? Recent versions do perform the Server Identity Check according to RFC 2830.

Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de
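
The Server Identity Check named in the reply is specified in RFC 2830, section 3.6, and is carried out by the client against the server's certificate. The sketch below is an added example, not part of the original message and not OpenLDAP's code; certificates are modelled as constructed dicts with hypothetical field names, and the fall-back to the subject CN when no dNSName is present is an assumption.

```python
# Added example: hostname matching in the style of RFC 2830 section 3.6.
# Certificates are plain dicts (constructed sample data), not parsed X.509.

def name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive match; '*' counts only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # The wildcard covers exactly one label: *.bar.com never matches bar.com.
        return len(p_labels) > 1 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def server_identity_ok(cert: dict, connect_host: str) -> bool:
    """Compare the name used to open the connection with the certificate names."""
    dns_names = cert.get("subjectAltName_dNSName", [])
    if dns_names:
        # dNSName entries, when present, are the identity source; any may match.
        return any(name_matches(n, connect_host) for n in dns_names)
    # Assumption: fall back to the subject CN when no dNSName is present.
    cn = cert.get("subject_CN")
    return cn is not None and name_matches(cn, connect_host)


# Constructed sample certificates (hypothetical names).
SAN_CERT = {
    "subject_CN": "old.example.org",
    "subjectAltName_dNSName": ["ldap.example.org", "*.dir.example.org"],
}
CN_ONLY_CERT = {"subject_CN": "LDAP.Example.org"}

if __name__ == "__main__":
    checks = [
        (SAN_CERT, "ldap.example.org"),
        (SAN_CERT, "a.dir.example.org"),
        (SAN_CERT, "dir.example.org"),
        (SAN_CERT, "old.example.org"),
        (CN_ONLY_CERT, "ldap.example.org"),
    ]
    for cert, host in checks:
        print(host, "->", server_identity_ok(cert, host))
```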