For an IoT project, I want to secure client-server communication. I want both the server (Apache) and the clients to identify/authenticate each other (a client won't communicate with other clients) before clients can post some data.
There is much less information about client certificates. Besides documentation, there are best practices. I would like to know how to set the common name and subject alternative names for clients, as they won't have a domain name and a fixed IP address.
Do I simply tell the server to ignore a mismatch? Can I use a wildcard-only CN (CN=*)? I would also like the cert to identify a specific client. The server needs to be able to tell client 1 apart from client 2, etc.
Thanks!