TLS: assigning certificates to username

Alan DeKok aland at
Thu May 5 17:24:08 CEST 2016

On May 5, 2016, at 11:06 AM, Arran Cudbard-Bell <a.cudbardb at> wrote:
> Where the peer identity represents a host, a subjectAltName of type
>   dnsName SHOULD be present in the peer certificate.  Where the peer
>   identity represents a user and not a resource, a subjectAltName of
>   type rfc822Name SHOULD be used, conforming to the grammar for the
>   Network Access Identifier (NAI) defined in Section 2.1 of [RFC4282].
>   If a dnsName or rfc822Name are not available, other field types (for
>   example, a subjectAltName of type ipAddress or
>   uniformResourceIdentifier) MAY be used.

  OK.. so another one of the million fields available in the cert.  <sigh>

  Alan DeKok.

More information about the Freeradius-Users mailing list