Mapping Certificates to IPsec or SSL VPN Connection Profiles
DN Field                      Definition
Organizational Unit (OU)      The subgroup within the organization.
Serial Number (SER)           The serial number of the certificate.
Surname (SN)                  The family name or last name of the certificate owner.
State/Province (S/P)          The state or province where the organization is located.
Title (T)                     The title of the certificate owner, such as Dr.
User ID (UID)                 The identification number of the certificate owner.
Unstructured Name (UNAME)     The unstructuredName attribute type specifies the name or names of a subject as an unstructured ASCII string.
IP Address (IP)               The IP address field.

• Operator—Select the operator used in the rule:
  – Equals—The distinguished name field must exactly match the value.
  – Contains—The distinguished name field must include the value within it.
  – Does Not Equal—The distinguished name field must not match the value.
  – Does Not Contain—The distinguished name field must not include the value within it.
• Value—Enter up to 255 characters to specify the object of the operator. For Extended Key Usage, select one of the pre-defined values in the drop-down list, or enter OIDs for other extensions. The pre-defined values include the following:

Selection          Key Usage Purpose          OID String
clientauth         Client Authentication      1.3.6.1.5.5.7.3.2
codesigning        Code Signing               1.3.6.1.5.5.7.3.3
emailprotection    Secure Email Protection    1.3.6.1.5.5.7.3.4
ocspsigning        OCSP Signing               1.3.6.1.5.5.7.3.9
serverauth         Server Authentication      1.3.6.1.5.5.7.3.1
timestamping       Time Stamping              1.3.6.1.5.5.7.3.8

The following table shows the modes in which this feature is available:

Firewall Mode                Security Context
Routed    Transparent        Single    Multiple
                                       Context    System
•         —                  •         —          —

Chapter 64      General VPN Setup
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01      64-76
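Added example, not part of the Cisco guide: a small Python evaluator for the DN operators and Extended Key Usage selections described above, run against a constructed client certificate and two constructed map entries. The rule tuple format, treating a subject field missing from the certificate as an empty string, the set semantics for Equals/Does Not Equal on the EKU extension, and AND-ing all rules within one map entry are assumptions, not statements from the page.

```python
# Added example (not from the Cisco guide): evaluates certificate-map rules.

# Pre-defined Extended Key Usage selections and their OIDs, as listed on the page.
EKU_OIDS = {
    "clientauth": "1.3.6.1.5.5.7.3.2", "codesigning": "1.3.6.1.5.5.7.3.3",
    "emailprotection": "1.3.6.1.5.5.7.3.4", "ocspsigning": "1.3.6.1.5.5.7.3.9",
    "serverauth": "1.3.6.1.5.5.7.3.1", "timestamping": "1.3.6.1.5.5.7.3.8",
}

def dn_matches(actual, operator, value):
    """Apply one of the four DN operators to a subject field (case-sensitive)."""
    if len(value) > 255:
        raise ValueError("rule value exceeds the 255-character limit")
    ops = {"Equals": actual == value, "Does Not Equal": actual != value,
           "Contains": value in actual, "Does Not Contain": value not in actual}
    return ops[operator]

def eku_matches(cert_ekus, operator, value):
    """Match the EKU extension (a set of OIDs) against a selection name or raw OID.
    Assumed semantics: Equals/Does Not Equal compare the whole set,
    Contains/Does Not Contain test membership of the single OID."""
    oid = EKU_OIDS.get(value.lower(), value)
    ops = {"Equals": cert_ekus == {oid}, "Does Not Equal": cert_ekus != {oid},
           "Contains": oid in cert_ekus, "Does Not Contain": oid not in cert_ekus}
    return ops[operator]

def rule_matches(cert, rule):
    """rule = (field, operator, value); field is a DN abbreviation or 'EKU'.
    A subject field absent from the certificate is treated as '' (assumption)."""
    field, operator, value = rule
    if field == "EKU":
        return eku_matches(cert["eku"], operator, value)
    return dn_matches(cert["subject"].get(field, ""), operator, value)

def select_profile(cert, cert_maps):
    """First map entry whose rules all match wins (AND within an entry is an assumption)."""
    for profile, rules in cert_maps:
        if all(rule_matches(cert, r) for r in rules):
            return profile
    return None

# Constructed sample: an employee client certificate and two map entries.
SAMPLE_CERT = {"subject": {"OU": "Engineering", "SN": "Doe", "T": "Dr", "UID": "e1234"},
               "eku": {"1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.4"}}
CERT_MAPS = [
    ("ServerProfile", [("EKU", "Contains", "serverauth")]),
    ("EngineeringVPN", [("OU", "Equals", "Engineering"), ("EKU", "Contains", "clientauth"),
                        ("T", "Does Not Contain", "Contractor")]),
]
```

The sample certificate carries only the clientauth and emailprotection OIDs, so the ServerProfile entry fails and the EngineeringVPN entry is selected.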