In the initial two versions of the X.509 standard the only way to assert an identity was to use the “Subject” field of the certificate.
For information about how to troubleshoot wireless connectivity on wireless networks that do not use 802.1X authentication, see Troubleshooting Microsoft Windows XP-based Wireless Networks in the Small Office or Home Office.
As mentioned in my previous blog entry on the X.509 certificate, this is a throw back to the roots and original intent for PKI: directory services.
Later, when version 3 of the X.509 standard was passed, the “Subject Alternative Name” (sometimes referred to as a “SAN” field) was added allowing the issuer additional flexibility in specifying the identity of the authenticating entity.
While OCSP is beneficial, it is not used as widely as CRLs and therefore is not as reliable.
Also, it is a real-time, Internet-hosted check that can introduce some request handling latency.: When CRL checking, OCSP checking, or both are enabled, use this option to block certificates that do not have the expected, associated URIs.
validating a certificate from a web server will differ from validating a signed e-mail), and configuration of the Windows computer performing the validation.