What is expected when exact match option is used.

Posted: 06/15/2016 09:58:30
by Niklas Kjellander
I'm trying to understand how the certificate lookup option exact match (loExactMatch) works.

What is expected when this option is set?

Posted: 06/16/2016 04:44:19
by Ken Ivanov (Team)

Hi Niklas,

Thank you for contacting us.

loExactMatch enables strict comparison of the RDN templates (SubjectRDN and IssuerRDN). If loExactMatch option is switched off, the TElCertificateLookup's RDN properties both specify a subset of the corresponding certificate fields. If it is switched on, the lookup's RDN properties are expected to specify the exact contents of the corresponding certificate fields.

For example, the filter of SubjectRDN=[C=GB, O=EldoS] will return all certificates whose subject RDN contains the above entries (including [C=GB, O=EldoS], [C=GB, O=EldoS, CN=www.eldos.com] and [C=GB, O=EldoS, OU=HQ, CN=Application Signing]) if loExactMatch is set to false, but will only return [C=GB, O=EldoS] of loExactMatch is set to true.

Posted: 06/17/2016 01:38:09
by Niklas Kjellander
Thank's for a good explanation. Too bad that information was not included in the documentation, that would have saved me a lot of time trying to figure out on my own.

Posted: 06/17/2016 04:02:53
by Ken Ivanov (Team)


Thank you for pointing us at the documentation issue. I've opened the case with the tech writers, they will deal with it as quickly as possible.





