Cisco ASA 5505 Configuration Manual page 1386

Mapping Certificates to IPsec or SSL VPN Connection Profiles
DN Field
Organizational Unit
(OU)
Serial Number (SER)
Surname (SN)
State/Province (S/P)
Title (T)
User ID (UID)
Unstructured Name
(UNAME)
IP Address (IP)
Operator—Select the operator used in the rule:
•
Value—Enter up to 255 characters to specify the object of the operator. For Extended Key Usage,
•
select one of the pre-defined values in the drop-down list, or you can enter OIDs for other
extensions. The pre-defined values include the following:
The following table shows the modes in which this feature is available:
Firewall Mode
Routed
•
Cisco ASA 5500 Series Configuration Guide using ASDM
64-76
Definition
The subgroup within the organization.
The serial number of the certificate.
The family name or last name of the certificate owner.
The state or province where the organization is located.
The title of the certificate owner, such as Dr.
The identification number of the certificate owner.
The unstructuredName attribute type specifies the name or names of a
subject as an unstructured ASCII string.
IP address field.
Equals—The distinguished name field must exactly match the value.
–
– Contains—The distinguished name field must include the value within it.
– Does Not Equal—The distinguished name field must not match the value
– Does Not Contain—The distinguished name field must not include the value within it.
Selection Key Usage Purpose
clientauth Client Authentication
codesigning Code Signing
emailprotection Secure Email Protection
ocspsigning OCSP Signing
serverauth Server Authentication
timestamping Time Stamping
Modes
Security Context
Transparent Single
—
•
OID String
1.3.6.1.5.5.7.3.2
1.3.6.1.5.5.7.3.3
1.3.6.1.5.5.7.3.4
1.3.6.1.5.5.7.3.9
1.3.6.1.5.5.7.3.1
1.3.6.1.5.5.7.3.8
Multiple
Context System
— —
Chapter 64 General VPN Setup
OL-20339-01