CERT_MAP - UBROKER UACL entry

Description

A CERT_MAP UACL entry maps a client X.509 certificate to a certificate identifier.

CERT_MAP defines one or more certificate fields and values that are used to match against the client's certificate. All of the fields defined by CERT_MAP must match the client certificate in order for the rule to be considered a match.

Usage

| Method | Syntax | IBM i | UNIX | Windows | z/OS |
|---|---|---|---|---|---|
| UACL File Keyword | cert_map id=certid,cert-field(s) | ✓ | ✓ | ✓ | ✓ |


Values

id is the certificate identifier.

cert-fields is a comma-separated list of one or more certificate fields. Values in the certificate fields support generic specification.

CERT_MAP Examples:

| Example | Description |
|---|---|
| cert_map id=myhost,hostname=myhost.com | Validates the certificate subject alternative name DNS value. |
| cert_map id=myhost,hostname=myhost.com,serialnumber=025678B34 | Validates the certificate subject alternative name DNS value and the certificate serial number. |
| cert_map id=myhost,subject="/CN=myhost.com/" | Validates the certificate subject common name. |
| cert_map id=myuser,email=myuser@myhost.com | Validates the certificate subject alternative name email value. |
| cert_map id=myuser,ipaddress=127.0.0.1 | Validates the certificate subject alternative name IP address. |


(See X.509 Certificates for a detailed discussion of the cert-fields values.)
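The following is an added example, not the product's code and not part of the original page. It models the rule that every field in a CERT_MAP entry must match the client certificate, so an entry that names a field the certificate lacks does not match. Assumptions: "generic specification" is treated as `*`/`?` wildcards, comparison is case-sensitive, a field with several certificate values matches if any one value matches, and the certificate is a constructed dictionary; `parse_cert_map`, `matches` and `matching_ids` are hypothetical names.

```python
import shlex
from fnmatch import fnmatchcase

def parse_cert_map(line):
    """Split 'cert_map id=ID,field=value,...' into (ID, {field: pattern})."""
    keyword, _, rest = line.strip().partition(" ")
    if keyword.lower() != "cert_map":
        raise ValueError("not a cert_map entry")
    lexer = shlex.shlex(rest, posix=True)  # keeps a quoted value in one piece
    lexer.whitespace, lexer.whitespace_split, lexer.commenters = ",", True, ""
    fields = {}
    for item in lexer:
        name, sep, value = item.partition("=")
        if not sep or not value:
            raise ValueError(f"malformed cert-field: {item!r}")
        fields[name.strip().lower()] = value
    cert_id = fields.pop("id", None)
    if cert_id is None or not fields:
        raise ValueError("cert_map needs id= and at least one cert-field")
    return cert_id, fields

def matches(rule_fields, cert):
    """True only if every field named in the entry matches the certificate."""
    for name, pattern in rule_fields.items():
        # Assumption: wildcard match; an absent field yields no values.
        if not any(fnmatchcase(v, pattern) for v in cert.get(name, [])):
            return False
    return True

def matching_ids(entries, cert):
    """Return the certificate identifiers of all entries that match."""
    rules = [parse_cert_map(e) for e in entries]
    return [cert_id for cert_id, fields in rules if matches(fields, cert)]

# First two entries are from the page; the last two are constructed.
ENTRIES = [
    "cert_map id=myhost,hostname=myhost.com,serialnumber=025678B34",
    "cert_map id=myuser,email=myuser@myhost.com",
    "cert_map id=wrongserial,hostname=myhost.com,serialnumber=0FFFF",
    "cert_map id=anyhost,hostname=*host.com",
]
# Constructed certificate fields; note there is no email value.
CERT = {"hostname": ["myhost.com"], "serialnumber": ["025678B34"],
        "subject": ["/CN=myhost.com/"], "ipaddress": ["127.0.0.1"]}

if __name__ == "__main__":
    print(matching_ids(ENTRIES, CERT))
```

The `anyhost` entry shows why a broad generic value on a single field deserves review: it matches any certificate whose DNS value ends in `host.com`, whereas adding a second field such as `serialnumber` narrows the entry to one certificate.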