Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
809
Views
0
Helpful
2
Replies

SCEP Anyconnect version 3 MS CA

littledavewhite
Level 1
Level 1

‎11-15-2012 08:54 AM - edited ‎02-21-2020 06:29 PM

Hi All

Im using anyconnect and SCEP proxy on the ASA, trying to get identity certs from a windows CA. I want the certs to have a common name of the user id of the person requesting, basically to take the username as the common name. Is there a way to take the login name across into the comman name as part of the cert request. In the anyconnect client profile you have the option of enrollment but if i set the Cn her it would use this for everybody ?

I want to use authentication based on certs. So each user requires their own cert based on common name. I presume then i can revoke the cert to prevent authentication ?

Any help would be great.

David

Labels:
0 Helpful
2 Replies 2

anosaxen
Level 1
Level 1

‎11-21-2012 04:37 AM

David,

Use the following wild card in the XML profile against CN

%USER%

regards

Anoop

0 Helpful

littledavewhite
Level 1
Level 1
In response to anosaxen

‎11-21-2012 05:05 AM

Anoop

This is so easy and so brilliant, going to try this and see how we go thanks very much.

David

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents