How to issue a TLS certificate to a user?
I want to authenticate users with a TLS certificate.
I only managed to do this for a host (when the common name of the object in the certificate matches the name of the machine for which the certificate was issued).
How can a certificate be issued to a user so that it can be written to a token and used to sign messages on any machine where the token is mounted?
A certificate is a set of information that is verified and validated by the issuing CA (or not verified by anyone if the CA is your own), encrypted and signed. Any use of it simply means comparing the current information with what is stored inside the certificate.
The most frequently checked field is the CN (Common Name). For servers, the server name is entered in this field; for mail certificates, usually the username (in theory, it can be checked, but I did not do that).
The email is checked less often. For servers, the address of the responsible person is entered in this field and it is informational; for mail certificates, it is the email address.
Programmatically, you can check any field if it is present in the certificate (and the fact of its presence too :) ). There are zillions of templates, including those with fields in Russian, although I try to avoid this, since it is not known how the software will react.
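The following is an added example, not part of the answer above: a shell sketch using the `openssl` CLI that issues a certificate whose subject names a user rather than a host, then checks the CN and email fields the way a relying application could. The throwaway CA, the user `alice`, the address `alice@example.test`, the file names and the function names are all constructed for illustration, and the key is generated as a file here rather than on a token.

```shell
#!/bin/sh
# Added example: throwaway CA plus one user certificate. All names are constructed.

issue_user_cert() {  # usage: issue_user_cert DIR USER EMAIL
    dir=$1 user=$2 email=$3
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$dir/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_user]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth,emailProtection
subjectAltName = email:$email
EOF
    # Self-signed test CA (stands in for "your own CA").
    openssl req -x509 -config "$dir/pki.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -keyout "$dir/ca.key" -out "$dir/ca.crt" -days 30 2>/dev/null || return 1
    # User key and CSR: the subject names a person, not a machine.
    openssl req -new -config "$dir/pki.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$user/emailAddress=$email" \
        -keyout "$dir/user.key" -out "$dir/user.csr" 2>/dev/null || return 1
    # The CA signs the CSR and adds the user-oriented extensions.
    openssl x509 -req -in "$dir/user.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -extfile "$dir/pki.cnf" -extensions v3_user \
        -out "$dir/user.crt" 2>/dev/null
}

subject_field() {  # usage: subject_field CERT commonName|emailAddress
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n "s/^ *$2 *= //p"
}

check_user_cert() {  # usage: check_user_cert DIR EXPECTED_USER EXPECTED_EMAIL
    # Validate the chain and client-auth purpose first, then compare the fields.
    openssl verify -CAfile "$1/ca.crt" -purpose sslclient "$1/user.crt" \
        >/dev/null 2>&1 || return 1
    [ "$(subject_field "$1/user.crt" commonName)" = "$2" ] &&
        [ "$(subject_field "$1/user.crt" emailAddress)" = "$3" ]
}
```

Field comparison only means something after the chain check succeeds, which is why `check_user_cert` runs `openssl verify` before reading the subject.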