CERT_MAP - UBROKER UACL entry
Description
A CERT_MAP UACL entry maps a client X.509 certificate to certificate identifier.
CERT_MAP defines one or more certificate fields and values that are used to match against the client's certificate. All of the fields defined by CERT_MAP must match the client certificate in order for the rule to be considered a match.
Usage
Method | Syntax | IBM i | UNIX | Windows | z/OS |
UACL File Keyword | cert_map id=certid,cert-field(s) |
|
|
|
|
Values
id is the certificate identifier.
cert-fields is a comma-separated list of one or more certificate fields. Values in the certificate fields support generic specification.
CERT_MAP Examples:
Example | Description |
---|---|
cert_map id=myhost,hostname=myhost.com | Validates certificate subject alternate name dns. |
cert_map id=myhost,hostname=myhost.com,serialnumber=025678B34 | Validates certificate subject alternate name dns, and certificate serial number. |
cert_map id=myhost,subject="/CN=myhost.com/" | Validates certificate subject common name. |
cert_map id=myuser,email=myuser@myhost.com | Validates certificate subject alternate name email. |
cert_map id=myuser,ipaddress=127.0.0.1 | Validates certificate subject alternate name IP address. |
(See X.509 Certificates for a detail discussion on the cert-fields values.)