Mark wrote:
> What feature of a certificate could I use to provide a unique key
> in a database table for this? How could this be extracted in a
> program?

The Common Name. You could use it as an LDAP key, convert it to a string and use that as a key into a database, etc.

One important nit -- you want to verify the issuer and should actually check (issuer, common name) instead of just your common name. It reduces to the CN alone if you only accept your own certificates. If you don't check the issuer you're vulnerable to black hats generating their own certificates and using them to gain access.

BTW, Ted was referring to the separation between "authentication" (who are you) and "authorization" (what can you do). It's a standard security practice and you should think very hard before combining the functions. Checking IP address would be part of the authentication step.

Bear

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
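
As an added example (not part of the original post and not OpenSSL's own code), the (issuer, common name) key from the reply can be built in Python from the dictionary that `ssl.SSLSocket.getpeercert()` returns for a verified peer and used as a composite primary key. The certificate dictionaries, CA names, table name and helper names are constructed for illustration.

```python
import json
import sqlite3

# Constructed X.509 names in the shape ssl.SSLSocket.getpeercert() uses:
# a tuple of RDNs, each RDN a tuple of (attribute, value) pairs.
TRUSTED_CA = ((("organizationName", "Example Corp"),),
              (("commonName", "Example Client CA"),))
OTHER_CA = ((("organizationName", "Example Corp"),),
            (("commonName", "Someone Else's CA"),))

def make_cert(issuer, cn):
    """Build a constructed certificate dict (stand-in for getpeercert() output)."""
    return {"issuer": issuer, "subject": ((("commonName", cn),),)}

def cert_key(cert):
    """Return (issuer, CN) for a peer certificate the TLS layer already verified."""
    if not cert or "issuer" not in cert:
        # getpeercert() returns {} when the certificate was not validated.
        raise ValueError("no verified certificate")
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if len(cns) != 1:
        raise ValueError("expected exactly one commonName in subject")
    # JSON keeps RDN order and cannot be confused by commas inside values.
    return json.dumps(cert["issuer"]), cns[0]

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cert_users (issuer TEXT NOT NULL, cn TEXT NOT NULL,"
               " role TEXT NOT NULL, PRIMARY KEY (issuer, cn))")
    return db

def enroll(db, cert, role):
    db.execute("INSERT INTO cert_users VALUES (?, ?, ?)", (*cert_key(cert), role))

def lookup_role(db, cert):
    """Authorization lookup keyed on the (issuer, CN) pair; None if not enrolled."""
    row = db.execute("SELECT role FROM cert_users WHERE issuer = ? AND cn = ?",
                     cert_key(cert)).fetchone()
    return row[0] if row else None

def lookup_role_cn_only(db, cert):
    """CN-only lookup, for contrast: it ignores who issued the certificate."""
    row = db.execute("SELECT role FROM cert_users WHERE cn = ?",
                     (cert_key(cert)[1],)).fetchone()
    return row[0] if row else None
```

With one user enrolled under `TRUSTED_CA`, a certificate carrying the same CN from `OTHER_CA` gets no role from `lookup_role`, while `lookup_role_cn_only` returns the enrolled user's role.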