I'm attempting to do certificate-based authentication/authorization using the dnQualifier field on the certificate to store our username in the LDAP directory where the auth check is performed. I am using the standard OID for dnQualifier (2.5.4.46), but any certificate that I issue with a DNQ as part of the Subject is rejected by the ASA. Also, if I put a DNQ field in the CA cert and attempt to import that under Remote Access -> Certificate Management -> CA Certificates, the certificate is rejected as invalid.
Any ideas as to why a cert with a DNQ is being rejected?
Running ASDM version 7.1(1)52, ASA version 9.1(1), Cisco AnyConnect version 3.1.02026.