Cisco Support Community

ACS user and machine certificate.

Hi Community!


When trying to authenticate machines and users to an ACS 5.5, we have encountered some problems making this work.

The principal username in the user certificate is in the CN field and the principal username in the machine certificate is in the SAN=DNS field.


In the Certificate Authentication Profile I have configured that the principal username is the CN, and this works only when the user is validated, but when I change it to SAN=DNS the user cannot validate but the machine does. I tried adding two fields but it seems this is impossible in the identity store sequence.


So I went ahead and created two authentication profiles in the identity portion of the access policy, one for machine and one for user (with their respective identity store sequences), and the behavior is almost the same.


Am I doing something wrong here? Can this scenario be achieved with the types of certificates we use?

Thanks in advance
