Secure Client Template Identifier

SzantaiNorbert
Level 1

Dear All,

Starting with Secure Client 5.0 we have the ability to automatically select a certificate based on the template identifier:
https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/Cisco-Secure-Client-5/admin/guide/b-cisco-secure-client-admin-guide-5-0/anyconnect-profile-editor.html

"

Template Identifier—Provides a different way to match certificates in the Profile Editor Certificate Match panel and includes additional filtering of the Template Name and Template Information Certificate fields. To minimize the number of certificates to send to the Secure Firewall ASA, you can provide a certificate Template Identifier by clicking Add. This customized identifier allows you to send only those certificates that match the given criteria, thus reducing connection time because less certificates are sent for authentication. For example, you can establish different templates based on how privileges vary for business groups and provide filtering beyond general DN-based fields.
  • Template Identifier—Provide the string-based extension for the certificate or the OID (Template Information extension) that identifies the Template Name (OID:1.3.6.1.4.1.311.20.2) AND Template Information (OID: 1.3.6.1.4.1.311.21.7) to use for cert generation.

Does anyone know how this works? I’ve tried using the OIDs from my own certificate, but it doesn’t work. Based on the DART logs, the Secure Client cannot find a certificate that matches the criteria.
I’ve tried using the full OID from my certificate, the string-based extension, and the OID, but none of these worked.

Regards,

Norbert
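
Added example, not part of the original post or of Cisco's documentation: a decoder for the two certificate extensions named in the quoted text, useful for checking which string or OID a certificate actually carries in them. It assumes the inner DER bytes of each extension value have already been extracted; the sample bytes, the template name `VPNUser` and the template OID are constructed, and the code makes no claim about how Secure Client evaluates the match.

```python
TEMPLATE_NAME_OID = "1.3.6.1.4.1.311.20.2"  # value is a BMPString
TEMPLATE_INFO_OID = "1.3.6.1.4.1.311.21.7"  # value is SEQUENCE {OID, INTEGER, INTEGER}

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):
    """Turn OBJECT IDENTIFIER content bytes into dotted-decimal text."""
    arcs, value = [], 0
    for byte in content:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # the first two arcs share one sub-identifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def decode_template_name(ext_value):
    """Template Name extension: a BMPString, i.e. UTF-16BE text."""
    tag, content, _ = read_tlv(ext_value)
    if tag != 0x1E:
        raise ValueError("expected BMPString")
    return content.decode("utf-16-be")

def decode_template_info(ext_value):
    """Template Information extension: template OID plus optional versions."""
    tag, seq, _ = read_tlv(ext_value)
    oid_tag, oid, pos = read_tlv(seq)
    if (tag, oid_tag) != (0x30, 0x06):
        raise ValueError("expected SEQUENCE starting with an OBJECT IDENTIFIER")
    versions = []
    while pos < len(seq):  # optional major and minor version INTEGERs
        tag, number, pos = read_tlv(seq, pos)
        if tag == 0x02:
            versions.append(int.from_bytes(number, "big"))
    return {"template_oid": decode_oid(oid), "versions": versions}

# Constructed sample values (not taken from a real certificate).
SAMPLE_NAME = bytes([0x1E, 14]) + "VPNUser".encode("utf-16-be")
SAMPLE_INFO = bytes.fromhex("3015060d2b06010401823715088952ac2e020164020105")
print(decode_template_name(SAMPLE_NAME), decode_template_info(SAMPLE_INFO))
```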
