![]() ![]() It MUST be an ASN.1 CertificateRequest structure which MUST conform to RFC2986.The following rules apply to a certificate signing request: In order to improve user experience (UX), an account registration and certificate issuance can be combined into a single step if the account's server supports this specification. In the latter case the user's server should support s2s connectivity with CA servers and, in addition, it may want to trust them if it wishes to accept c2s SASL EXTERNAL authentication ( Best Practices for Use of SASL EXTERNAL (XEP-0178) ) for users of those certificates as long as the certificates are issued for the users of this server. The CA functionality can be built into the user's server, but this is not a requirement: a client can obtain a certificate from any trusted CA server. This assumes that the CA runs an XMPP server. ![]() This document describes how such certificates can be obtained directly by an XMPP client from a trusted certificate authority (CA) using the XMPP protocol. E2E Authentication in XMPP (XEP-EAX) specifies certificate requirements for end-to-end authentication. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |