- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-21-2025 04:15 AM
Dear All,
Starting with Secure Client 5.0 we have the ability to automatically select a certificate based on the template identifier:
https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/Cisco-Secure-Client-5/admin/guide/b-cisco-secure-client-admin-guide-5-0/anyconnect-profile-editor.html
"
-
Template Identifier—Provide the string-based extension for the certificate or the OID (Template Information extension) that identifies the Template Name (OID:1.3.6.1.4.1.311.20.2) AND Template Information (OID: 1.3.6.1.4.1.311.21.7) to use for cert generation.
Does anyone know how this works? I’ve tried using the OIDs from my own certificate, but it doesn’t work. Based on the DART logs, the Secure Client cannot find a certificate that matches the criteria.
I’ve tried using the full OID from my certificate, the string-based extension, and the OID, but none of these worked.
Regards,
Norbert
Solved! Go to Solution.
- Labels:
-
AnyConnect
-
Remote Access
-
VPN
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-15-2025 05:26 AM
Turned out that you have to use a different OID.
Not the 1.3.6.1.4.1.311.21.7, but the 1.3.6.1.4.1.311.21.8, and use the full OID in the XML:
Regards,
Norbert
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-15-2025 05:26 AM
Turned out that you have to use a different OID.
Not the 1.3.6.1.4.1.311.21.7, but the 1.3.6.1.4.1.311.21.8, and use the full OID in the XML:
Regards,
Norbert
