Hello My european organization is using a certificate chain which signs tens of thousands of user certificates. My local organization counts 300 users ... and i only want these 300 to get in the IT system. I'd like to know if there is a way to restrict the connection to a subset of certificates ( for example based on a list of authorized emails which are written in the certificate )
Sincerely Fred
On Wed, 10 Jul 2019 16:01:31 +0000 (UTC) "fmgre-dell@yahoo.fr" fmgre-dell@yahoo.fr wrote:
Hello My european organization is using a certificate chain which signs tens of thousands of user certificates. My local organization counts 300 users ... and i only want these 300 to get in the IT system. I'd like to know if there is a way to restrict the connection to a subset of certificates ( for example based on a list of authorized emails which are written in the certificate )
Sincerely Fred
Hi,
read the manual reference to checkEmail and other check options.
Regards.
Fred,
On 7/10/19 12:01, fmgre-dell@yahoo.fr wrote:
Hello
My european organization is using a certificate chain which signs tens of thousands of user certificates.
My local organization counts 300 users ... and i only want these 300 to get in the IT system.
I'd like to know if there is a way to restrict the connection to a subset of certificates ( for example based on a list of authorized emails which are written in the certificate )
Sincerely
Fred
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
Fred,
(Apologies for the previous empty email.)
On 7/10/19 12:01, fmgre-dell@yahoo.fr wrote:
Hello
My european organization is using a certificate chain which signs tens of thousands of user certificates.
My local organization counts 300 users ... and i only want these 300 to get in the IT system.
I'd like to know if there is a way to restrict the connection to a subset of certificates ( for example based on a list of authorized emails which are written in the certificate )
Why not simply create a new CA certificate, sign those 300 you trust, and then trust the new CA?
-chris
Thanks you for your answers( sorry for not knowing the checkEmail option in the man page :-( I ll try that for the 300 emails ) (( i m not keen on building a key Management framework from scratch just for this use : the user will need the european certificate for some use and then a second one for other uses ... the certificate management is always considered as complicated by end users ... ))
Thanks again Fred Le mercredi 10 juillet 2019 18:01:31 UTC+2, fmgre-dell@yahoo.fr fmgre-dell@yahoo.fr a écrit :
Hello My european organization is using a certificate chain which signs tens of thousands of user certificates. My local organization counts 300 users ... and i only want these 300 to get in the IT system. I'd like to know if there is a way to restrict the connection to a subset of certificates ( for example based on a list of authorized emails which are written in the certificate )
Sincerely Fred
-
Christopher Schultz -
fmgre-dell@yahoo.fr -
Javier