8/11/2023 0 Comments Auto comment facebook extensionIf the set for a name type is empty, then the certification path will be considered invalid if any certificate in the certification path includes a name of that name type.įirst i learned there's no UPN class for this extension, so right from the start i already know this won't do. For each name type, the set may consist of a single subtree that includes all names of that name type or one or more subtrees that each specifies a subset of the names of that name type, or the set may be empty. The initial-permitted-subtrees input includes a set for each name type. Initial-permitted-subtrees, which indicates for each name type (e.g., X.500 distinguished names, email addresses, or IP addresses) a set of subtrees within which all subject names in every certificate in the certification path MUST fall. The rfc5280 says that passing empty to a permitted value will allow all of those class, while to a excluded class will deny all of those class. I am signing x509 certificates that should only be used for CN under a specific domain, not for any IP/email/UPN.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |