Solved: Using certificates as an authentication method for AnyConnect VPN

Shaun Michelson · ‎04-23-2014

I'm trying to add certificates as an authentication method for one of my AnyConnect Connection Profiles, i.e., through the use of the "Certificate Matching" option available in the AnyConnect Client Profile. My question is regarding the "Distinguished Name Entry" options available. I know what some of them refer to (e.g., "ISSUER-CN" is just like it sounds), but some of them I don't know ("GENQ", "EA", etc). Is there a reference somewhere that I can use to figure out what each of these options mean? Below is a sreenshot of the window in question. Thanks!

Marvin Rhoads · ‎04-23-2014

The command reference has a good explanation of the various DN fields. Here's a copy of the listing:

The tag values are as follows:

DNQ = DN qualifier
GENQ = Generational qualifier
I = Initials
GN = Given name
N = Name
SN = Surname
IP = IP address
SER = Serial number
UNAME = Unstructured name
EA = Email address
T = Title
O = Organization Name
L = Locality
SP = State/Province
C = Country
OU = Organizational unit
CN = Common name

View solution in original post

Marvin Rhoads · ‎04-23-2014

The command reference has a good explanation of the various DN fields. Here's a copy of the listing:

The tag values are as follows:

DNQ = DN qualifier
GENQ = Generational qualifier
I = Initials
GN = Given name
N = Name
SN = Surname
IP = IP address
SER = Serial number
UNAME = Unstructured name
EA = Email address
T = Title
O = Organization Name
L = Locality
SP = State/Province
C = Country
OU = Organizational unit
CN = Common name