ā01-15-2016 06:07 AM - edited ā02-21-2020 08:37 PM
Hi,
According to the configuration guide (http://www.cisco.com/c/en/us/td/docs/security/asa/asa95/asdm75/vpn/asdm-75-vpn-config/vpn-asdm-setup.html) this attribute is not one of the possible attributes that we are able to retrieve. Not even using regular expressions as far as I can see. So the last option is to use a LUA script. Has anyone had success with this?
I have tried retrieving cert.subjectaltname.upn, but this is not it.
Thanks.
ā01-16-2016 01:24 AM
Could you put the username into another part of the certificate that you can retrieve?
ā01-17-2016 08:15 AM
Not sure. It's an MS AD environment using computer certificates already distributed. But it could be worth looking into, if no other method exists.
ā01-17-2016 10:57 AM
How come you are not using user certificates?
ā01-17-2016 01:27 PM
End customer wants to lock down security on the PC instead of the user so that in case the PC gets stolen, the PC certificate can be revoked.
ā07-05-2016 12:53 PM
Just checking here to see if you were able to get the name pulled using the lua script.
Thanks,
ā07-05-2016 11:06 PM
Sorry, no.
ā07-05-2016 11:10 PM
Did you open a tac case for this? I guess my only option is to have them create another template to use the UPN as the san.
ā07-05-2016 11:17 PM
No, it was a long time ago. I believe the customer went for another solution. TAC is probably the way to go on this.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: