Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
320
Views
0
Helpful
1
Replies

Cisco ISE Certficate authentication Profile - Recommended Subject identifier

contactabbas
Level 1
Level 1

‎06-19-2014 06:00 AM - edited ‎03-10-2019 09:48 PM

Hi,

1. I wanted to know what would be the recommended subject identifier that should be used in Certificate authentication profile when doing EAP TLS with Active Directory - CA.

 

 

2. I am trying to use Subject - DNS Name but when issuing Certificate for a user from AD CA with DNS Name SAN value checked it fails and the following error is shown failed requests

"DNS Name is unavailable and cannot be added to the subject alternate name" (I maybe missing some user configuration in AD that makes DNS name for a user??)

For computers its issuing the certificate.. No Issues

Thank in advance for your help.

Regards,

Mudasir Abbas

 

Labels:
Preview file
18 KB
0 Helpful
1 Reply 1

nspasov
Cisco Employee
Cisco Employee

‎06-20-2014 12:25 AM

Not a cert expert by any means but that error message does makes sense. Your domain computers automatically get a DNS record when joined to the domain. However, there is no DNS entry for your users. So for your users I would recommend that you build your certificate templates based on the SAN - Email or the Common Name. If you use the SAN-Email, make sure that your AD users do have their e-mail address listed in their domain accounts. 

Hope this helps!

 

Thank you for rating helpful posts! 

0 Helpful
Customers Also Viewed These Support Documents