But as I understood things, I need to create a certificate for every client by its username, so I made a certificate for a client with username 333, then I used these same certificates for another user 777.
777 was able to register successfully and make an encrypted call as well. Does this conflict with what was stated in the link above or not? Shouldn’t I be creating a certificate for every user by its username? Or should I only create one certificate for all users? I still did not get it.
I’m not completely sure what the certificate name is verified against. It might only be the signature that is checked. Even in that case, you should still have separate ones for each phone, in case one of them gets compromised.
More importantly, though, is that TLS V 1 is now considered insecure, so you should not be using it. V 1.1 should be considered a last resort and V 1.2 is the minimum that should be used without a full risk assessment.
So what you are trying to say, guys, is that you could have a certificate name that is different from the name of the user, but you recommend having a unique certificate for every user?
And thanks @david551 for your information concerning the method of the TLS. Is sslv23 secure? Just in case of usage in future. And as I understood, I should be using tlsv1.1 (or maybe tlsv1.2) instead of tlsv1? So is it tlsv1.1 or tlsv1.2?
TLS provides two things: Encryption and identity. They are separate.
If you have no client certificate the connection is still encrypted, but anyone can connect.
If you have a client certificate the connection is encrypted and you know that the client is using a certificate you gave them - giving some identity. If everyone has the SAME client certificate then if you want to stop them from connecting, you stop everyone. If everyone has a DIFFERENT client certificate then you can stop only that single client from being able to connect.
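
The revocation argument in the last reply, as an added example that is not part of the thread: a throwaway CA issues one certificate each to users 333 and 777, revokes only 333, and a CRL check then rejects 333 while 777 still passes. The CA name, file names and temp directory are constructed for the demo, and it assumes the TLS server is set up to check the CA's CRL.

```shell
#!/bin/sh
# Added example (not from the thread): one certificate per SIP user, then revoke one.
# CA name, file names and the temp directory are constructed for this demo.
set -eu
WORK=$(mktemp -d) && cd "$WORK"
mkdir newcerts && : > index.txt && echo 01 > serial
cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ./index.txt
serial = ./serial
new_certs_dir = ./newcerts
certificate = ./ca.crt
private_key = ./ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = cn_only
[ cn_only ]
commonName = supplied
EOF

openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -extensions v3_ca \
    -subj "/CN=Demo SIP CA" -days 30 -keyout ca.key -out ca.crt 2>/dev/null

issue_client() {    # $1 = SIP username, used as the certificate CN
    openssl req -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl ca -batch -config ca.cnf -notext -in "$1.csr" -out "$1.crt" 2>/dev/null
}
revoke_client() {   # revoke one user's certificate and publish a fresh CRL
    openssl ca -config ca.cnf -revoke "$1.crt" 2>/dev/null
    openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null
}
client_accepted() { # what a CRL-checking server would decide for this certificate
    openssl verify -CAfile ca.crt -crl_check -CRLfile ca.crl "$1.crt" 2>/dev/null \
        | grep -q ': OK$'
}

issue_client 333; issue_client 777
revoke_client 333   # only 333's phone was compromised
for u in 333 777; do
    if client_accepted "$u"; then echo "$u: accepted"; else echo "$u: rejected"; fi
done
```

Had both users shared 333's certificate, the same revocation would have locked out 777 as well.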