Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
413
Views
0
Helpful
2
Replies

VPN 3000 concentrator's PKCS#10 form

haseeb_eng
Level 1
Level 1

‎09-26-2003 01:17 PM - edited ‎02-21-2020 12:47 PM

In the PKCS#10 form of vpn 3000 series concentrator the OU field must match the group name otherwise that group can't connect to the vpn concrator . If you don't fill the group field then by default which field overwrites the group field ?

Labels:
0 Helpful
2 Replies 2

drolemc
Level 6
Level 6

‎10-01-2003 11:30 AM

I was told that the OU field of the certificate of the Concentrator had to match the OU field of the Client Certificate. However I remember testing my setup with different OU in the concentrator certificate and things seemed to work fine.

0 Helpful

8dstaicu
Level 1
Level 1

‎10-03-2003 06:22 AM

By default you have Configuration->Policy Management->Group Matching->Policy->Obtain Group from OU box checked.

It's more flexible to uncheck this box and, then check Match Group from Rules. After, you need to configure one or more rules. In rules you are able to select from Subject of from issuer what Distinguished Name you want. I have a complex configuration based on that and works very nice.

0 Helpful
Customers Also Viewed These Support Documents