Thanks you for your answers

( sorry for not knowing the checkEmail option in the man page :-( I ll try that for the 300 emails )

(( i m not keen on building a key Management framework from scratch just for this use : the user will need the european certificate for some use and then a second one for other uses ... the certificate management is always considered as complicated by end users ... ))

Thanks again

Fred

Le mercredi 10 juillet 2019 18:01:31 UTC+2, fmgre-dell@yahoo.fr <fmgre-dell@yahoo.fr> a écrit :

Hello

My european organization is using a certificate chain which signs tens of thousands of user certificates.

My local organization counts 300 users ... and i only want these 300 to get in the IT system.

I'd like to know if there is a way to restrict the connection to a subset of certificates ( for example based on a list of authorized emails which are written in the certificate )

Sincerely

Fred