[xmlsec] X509 - does cert need to be included in XML?
aleksey at aleksey.com
Mon Nov 17 16:36:05 PST 2008
Mark Young wrote:
> Well, I understand that X509 certificates have a "Subject" field, but I
> wasn't sure how you were suggesting I make use of that. Are you saying
> that I should use the X509SubjectName element provided by the xmldsig
> specification, and that xmlsec will match the contents of
> X509SubjectName with the contents of the Subject field of one of the
> certificates in the Keys Manager?
Correct. The "subject" (generally speaking) is a way to
uniquely identify a certificate issued by a given CA. Same is
true for "issuer name" + "serial number" combination.
Either of the two ("subject" or "issuer name" + "serial number")
can be used to lookup a certificate in the keys manager.
More information about the xmlsec