ā01-15-2016 06:07 AM - edited ā02-21-2020 08:37 PM
Hi,
According to the configuration guide (http://www.cisco.com/c/en/us/td/docs/security/asa/asa95/asdm75/vpn/asdm-75-vpn-config/vpn-asdm-setup.html) this attribute is not one of the possible attributes that we are able to retrieve. Not even using regular expressions as far as I can see. So the last option is to use a LUA script. Has anyone had success with this?
I have tried retrieving cert.subjectaltname.upn, but this is not it.
Thanks.
ā01-16-2016 01:24 AM
Could you put the username into another part of the certificate that you can retrieve?
ā01-17-2016 08:15 AM
Not sure. It's an MS AD environment using computer certificates already distributed. But it could be worth looking into, if no other method exists.
ā01-17-2016 10:57 AM
How come you are not using user certificates?
ā01-17-2016 01:27 PM
End customer wants to lock down security on the PC instead of the user so that in case the PC gets stolen, the PC certificate can be revoked.
ā07-05-2016 12:53 PM
Just checking here to see if you were able to get the name pulled using the lua script.
Thanks,
ā07-05-2016 11:06 PM
Sorry, no.
ā07-05-2016 11:10 PM
Did you open a tac case for this? I guess my only option is to have them create another template to use the UPN as the san.
ā07-05-2016 11:17 PM
No, it was a long time ago. I believe the customer went for another solution. TAC is probably the way to go on this.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide