When trying to authenticate machines and users against an ACS 5.5, we have encountered some problems trying to make this work.
The principal username in the user certificate is in the CN field and the principal username in the machine certificate is in the SAN=DNS field.
In the Certificate Authentication Profile I have configured that the principal username is the CN, and this works only when the user is validated, but when I change it to SAN=DNS the user cannot validate but the machine does. I tried adding two fields, but it seems this is impossible in the identity store sequence.
So I went ahead and created two authentication profiles in the identity portion of the access policy, one for machine and one for user (with their respective identity store sequences), and the behavior is almost the same.
Am I doing something wrong here? Can this scenario be achieved with the types of certificates we use?