Verifying certificate fields

When using a globally signed certificate, each client must verify certificate field values to avoid trusting certificates that the same Certificate Authority has signed for other clients. This is resolved by requiring your clients to test the value of fields in the identity portion of the certificate. A Certificate Authority must guarantee the accuracy of the identification information in any certificate that it signs.

For more information about globally signed certificates, see Globally-signed certificates.

When creating a certificate using the createcert utility, you enter values for the organization, organizational unit, and common name fields. You verify these fields using corresponding client connection parameters. It is strongly recommended that you verify certificate fields if you are using a third-party Certificate Authority to globally sign certificates.

For more information about client-side encryption connection parameters, see Encryption (ENC) connection parameter.