X509主题替代名称(subjectAltName)IP地址字段 [英] X509 subject alternative name (subjectAltName) IP address field
本文介绍了X509主题替代名称(subjectAltName)IP地址字段的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
X509v3可以在主题替代名称扩展名中包含 IP 地址字段。
- 作为验证服务器身份的应用程序,应如何验证IP地址字段?
- 如果DNS名称和IP地址都存在?是否有一个优先于另一个?
-
dirName字段的用途
解决方案
我早前读过RFC 2818,但一定错过了这部分。 pre> 在某些情况下,URI被指定为IP地址而不是
主机名。在这种情况下,iPAddress subjectAltName必须在证书中存在
,并且必须与URI中的IP完全匹配。
X509v3 can contain IP address field in subject Alternative Name extension.
- As an application verifying the server's identity, how should the IP address field be validated?
- If both DNS name and IP address are present? Is there a preference of one over the another?
- What is the use of
dirNamefield?
解决方案
I read RFC 2818 earlier but must have missed this part.
In some cases, the URI is specified as an IP address rather than a
hostname. In this case, the iPAddress subjectAltName must be present
in the certificate and must exactly match the IP in the URI.
这篇关于X509主题替代名称(subjectAltName)IP地址字段的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
