Hi,
Using Domino 5.0.8 and soon 6.5, we have several applications and databases. Their clients use their web browser to access them.
An SSL connection is then created in order to authenticate clients with their certificates and to protect the data flow.
Certificates are generated by an external PKI including a trusted root. The subject of all these certificates has the following form:
CN=UserName
UID=UserName
O=Organization
C=Country
During client authentication, the Domino web and application server checks the validity of these certificates by consulting an LDAPv3 directory instead of using CRLs.
It appears that we will face several problems if we replace our PKI with another one that does not use the same naming. In particular, the certificate subject will contain:
- DC attributes instead of O and C
- OU attributes in order to refer to one or more organizational units
Unfortunately, Notes seems to require that:
- O attribute must be present in the client certificate subject
- any OU is permitted
- DC attributes are not supported
Have you already encountered this problem?
Thanks for your help.
Best Regards.
Aurelien
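
A pre-migration check for the naming problem described in the post, as an added example that is not part of the original post: it parses subject DNs in RFC 2253/4514 string form (for instance as printed by `openssl x509 -noout -subject -nameopt RFC2253`) and flags a missing O and any DC attribute, while listing OUs for review. The function names and sample subjects are constructed, and the two constraints are taken from the post as reported, not as verified Domino behaviour.

```python
# Attribute types may appear by name or by dotted OID, depending on the tool.
ALIASES = {
    "2.5.4.10": "O",
    "2.5.4.11": "OU",
    "0.9.2342.19200300.100.1.25": "DC",
    "DOMAINCOMPONENT": "DC",
}

def split_unescaped(s, seps=",+"):
    """Split on RDN separators (',' and '+'), skipping backslash-escaped ones."""
    parts, buf, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            buf.append(s[i:i + 2])   # keep the escape pair intact
            i += 2
        elif s[i] in seps:
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(s[i])
            i += 1
    parts.append("".join(buf))
    return parts

def parse_subject(dn):
    """Return [(TYPE, raw_value), ...]; values are left in escaped form."""
    pairs = []
    for rdn in split_unescaped(dn):
        attr_type, _, value = rdn.partition("=")
        key = attr_type.strip().upper()
        pairs.append((ALIASES.get(key, key), value.strip()))
    return pairs

def audit_subject(dn):
    """Flag the constraints reported in the post; list OUs without judging them."""
    pairs = parse_subject(dn)
    types = [t for t, _ in pairs]
    findings = []
    if "O" not in types:
        findings.append("missing O")
    if "DC" in types:
        findings.append("contains DC")
    return findings, [v for t, v in pairs if t == "OU"]

# Constructed sample subjects: current naming, new naming, escaped separators.
SAMPLES = [
    "CN=UserName,UID=UserName,O=Organization,C=Country",
    "CN=UserName,OU=Sales+OU=EMEA,DC=example,DC=com",
    r"CN=Doe\, John,O=DC\=lab\, Inc,C=FR",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(dn, "->", audit_subject(dn))
```

The third sample shows why the split must honour escapes: a naive split on commas would misread the value of O as extra RDNs.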