Cisco Support Community

Cisco ASA VPN Certificate DN Authentication

Hi,

I am new to Cisco ASA VPN and I would like to enquire about certificate authentication for AnyConnect VPN. Based on my understanding, the ASA can perform a DN check on the following:

| Attribute | Definition |
|-----------|------------|
| C | Country: the two-letter country abbreviation. These codes conform to ISO 3166 country abbreviations. |
| CN | Common Name: the name of a person, system, or other entity. Not available as a secondary attribute. |
| DNQ | Domain Name Qualifier. |
| EA | E-mail address. |
| GENQ | Generational Qualifier. |
| GN | Given Name. |
| I | Initials. |
| L | Locality: the city or town where the organization is located. |
| N | Name. |
| O | Organization: the name of the company, institution, agency, association or other entity. |
| OU | Organizational Unit: the subgroup within the organization (O). |
| SER | Serial Number. |
| SN | Surname. |
| SP | State/Province: the state or province where the organization is located. |
| T | Title. |
| UID | User Identifier. |
| UPN | User Principal Name. |

I would like to enquire how it checks if "use the entire DN as username" is used for authentication for the AnyConnect client; does it make use of all the possible parameter fields in the list for authentication? I would also like to check whether it may be possible to make use of the certificate thumbprint for authentication. I do understand that the certificate thumbprint is the hash result of the public key; however, I am not too sure if that may be used for authentication.

I would appreciate any input/opinion.
