Validating identity message
For example, *.in the APD would match certificates for a.example.com, foo.example.com, *.example.com, etc., but would not match
Also, a "*" wildcard character MAY be used as the left- most name component in the certificate or identity in the APD.
Please review these documents carefully, as they describe your rights and restrictions with respect to this document. ###### In 2010, [SNMP-TLS] specified the following text regarding application service identity verification in SNMP: ###### If the server's presented certificate has passed certification path validation [PKIX] to a configured trust anchor, and an active row exists with a zero-length snmp Tlstm Addr Server Fingerprint value, then the snmp Tlstm Addr Server Identity column contains the expected host name. Through the rule above, this document prohibits such wildcards in certificates for SIP domains. For TLS authentication with X.509 certificates, an identity from the DNS namespace MUST be checked against each subject Alt Name extension of type d NSName present in the certificate. This section defines the identity comparison algorithm for a single APD entry.
Status of This Memo This is an Internet Standards Track document.