
Anyconnect, how do I retrieve username from subject alternative name / SAN / DNS name attribute of certificate

Hi,

According to the configuration guide (http://www.cisco.com/c/en/us/td/docs/security/asa/asa95/asdm75/vpn/asdm-75-vpn-config/vpn-asdm-setup.html) this attribute is not one of the possible attributes that we are able to retrieve. Not even using regular expressions as far as I can see. So the last option is to use a LUA script. Has anyone had success with this?

I have tried retrieving cert.subjectaltname.upn, but this is not it.

Thanks.

8 Replies

Philip D'Ath
VIP Alumni

Could you put the username into another part of the certificate that you can retrieve?

Not sure. It's an MS AD environment using computer certificates already distributed. But it could be worth looking into, if no other method exists.

How come you are not using user certificates? 

End customer wants to lock down security on the PC instead of the user so that in case the PC gets stolen, the PC certificate can be revoked.

Just checking here to see if you were able to get the name pulled using the lua script.

Thanks,

Sorry, no.

Did you open a TAC case for this? I guess my only option is to have them create another template to use the UPN as the SAN.

No, it was a long time ago. I believe the customer went for another solution. TAC is probably the way to go on this.
