Cisco Cisco Meeting Server 2000
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Single Combined Deployments
7
Information
Description
Location (L)
City or town. For example, London, Boston, Milan, Berlin.
Province, Region, County or State (ST)
For example, Buckinghamshire, New Jersey. Do not
abbreviate.
abbreviate.
Country (C)
The two-letter ISO code for the country where your
organization is located. For example, US, GB, FR.
organization is located. For example, US, GB, FR.
An email address
An email address to contact the organization. Usually the
email address of the certificate administrator or IT
department.
email address of the certificate administrator or IT
department.
Subject Alternative Name
(subjectAltName)
(subjectAltName)
From X509 Version 3 (RFC 2459), SSL certificates are
allowed to specify multiple names that the certificate should
match. subjectAltName (SAN) can contain, for example, email
addresses, IP addresses, regular DNS host names.
allowed to specify multiple names that the certificate should
match. subjectAltName (SAN) can contain, for example, email
addresses, IP addresses, regular DNS host names.
1.2.3 Chain of Trust
When an entity is challenged by another to provide its certificate for authentication, that entity
needs to present its own certificate, along with a series of other certificates that establish a link
to a Certificate Authority that the challenging party trusts (usually known as the Root Certificate
Authority). This hierarchy of certificates, linking an entity’s certificate to a Root CA, is called a
‘chain of trust’. It is quite often the case that a Root CA has signed a certificate for another
Certificate Authority (known as an Intermediate CA), which in turn has signed the entity’s
certificate. In that case, the entity needs to present both its own certificate and the certificate for
this Intermediate CA that has been issued by the Root CA. If the entity only presented its own
certificate, without establishing a link to a trusted Root CA, the challenging party will not trust
the certificate presented. The series of certificates that link an entity’s certificate to a root CA is
known as ‘intermediate certificates’ as they are issued to Intermediate CAs.
needs to present its own certificate, along with a series of other certificates that establish a link
to a Certificate Authority that the challenging party trusts (usually known as the Root Certificate
Authority). This hierarchy of certificates, linking an entity’s certificate to a Root CA, is called a
‘chain of trust’. It is quite often the case that a Root CA has signed a certificate for another
Certificate Authority (known as an Intermediate CA), which in turn has signed the entity’s
certificate. In that case, the entity needs to present both its own certificate and the certificate for
this Intermediate CA that has been issued by the Root CA. If the entity only presented its own
certificate, without establishing a link to a trusted Root CA, the challenging party will not trust
the certificate presented. The series of certificates that link an entity’s certificate to a root CA is
known as ‘intermediate certificates’ as they are issued to Intermediate CAs.
1 Introduction