Examples: SSL Authorization

A system administrator can determine whether to accept or reject certificates by customizing SSL authorization. To use this feature, set the SSL authorization parameters and the ACCEPT and REVOKE|REJECT statements in the SSLAuth.cfg file.

  1. To accept all certificates defined with the organization (/O) of OrgA and the organizational unit (/OU) of Marketing, and reject all other certificates, set the following in the SSLAuth.cfg file:
    Accept /OU=Marketing/O=OrgA
    revoke
    
  2. To reject any certificates with the serial number (/SN) of 987654 or 123456, but accept all other certificates, set the following in the SSLAuth.cfg file:
    revoke /SN=987654
    revoke /SN=123456
    Accept
    
  3. To accept all certificates defined with the organization (/O) of ACME and an organizational unit (/OU) starting with ACCT, but reject all other certificates, set the following in the SSLAuth.cfg file:
    Accept /OU=ACCT*/O=ACME
    revoke
    
  4. To accept all certificates matching the specification of the /CN, /L, /ST, /C, /OU and /O parameters, with a validity period from December 1, 2008 to November 30, 2009, and to reject all other certificates, set the following in the SSLAuth.cfg file:
    Accept 	/CN=Joe*, 
    	/L=New York, 
    	/ST=NY, 
    	/C=US, 
    	/OU=Dept1,
    	/O=ACME, 
    	/SDATE=20081201,
    	/EDATE=20091130
    revoke
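
The ordering logic in examples 1 to 3, as an added sketch that is not part of the product or its documentation. It assumes statements are evaluated top to bottom, that the first statement whose parameters all match decides, and that `*` is the only wildcard. `parse_rules`, `wildcard_match` and `decide` are hypothetical names, the certificate fields are constructed, and /SDATE and /EDATE are deliberately not modelled.

```python
import re

FIELD = re.compile(r"/([A-Za-z]+)=([^/,]*)")   # /KEY=value, ended by '/', ',' or EOL
SUPPORTED = {"CN", "O", "OU", "L", "ST", "C", "SN"}   # date parameters not modelled

def parse_rules(text):
    """Return [(action, {KEY: pattern})] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        head = line.split(None, 1)[0].lower()
        if head in ("accept", "revoke", "reject"):
            rules.append(("accept" if head == "accept" else "reject", {}))
            line = line[len(head):]
        elif not rules:
            raise ValueError("parameters before any statement: " + line)
        for key, value in FIELD.findall(line):
            if key.upper() not in SUPPORTED:
                raise ValueError("not modelled here: /" + key)
            rules[-1][1][key.upper()] = value.strip()
    return rules

def wildcard_match(pattern, value):
    """Only '*' is special; everything else is compared literally."""
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, value) is not None

def decide(rules, cert):
    """Assumed semantics: first statement whose parameters all match wins."""
    for action, params in rules:
        if all(wildcard_match(p, cert.get(k, "")) for k, p in params.items()):
            return action
    return None   # no statement matched; the product's default is not assumed

# Statements copied from examples 1-3 above; certificate fields are constructed.
EXAMPLE_1 = "Accept /OU=Marketing/O=OrgA\nrevoke\n"
EXAMPLE_2 = "revoke /SN=987654\nrevoke /SN=123456\nAccept\n"
EXAMPLE_3 = "Accept /OU=ACCT*/O=ACME\nrevoke\n"

if __name__ == "__main__":
    for cfg, cert in [
        (EXAMPLE_1, {"OU": "Marketing", "O": "OrgA", "SN": "42"}),
        (EXAMPLE_1, {"OU": "Sales", "O": "OrgA", "SN": "43"}),
        (EXAMPLE_2, {"OU": "Sales", "O": "OrgA", "SN": "123456"}),
        (EXAMPLE_3, {"OU": "ACCTPAY", "O": "ACME", "SN": "44"}),
    ]:
        print(cert, "->", decide(parse_rules(cfg), cert))
```

Under the first-match assumption, a bare `Accept` or `revoke` placed above a more specific statement shadows it, which is why every example above keeps the catch-all statement last.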