PANOS6.0.5 Inbuilt CA can't generate a certificate with UPN (user principal name) attribute?


L2 Linker

PANOS 6.05 inbuilt PAN certificate authority doesn't seem to have the ability to generate a certificate with a subject alternative name value for UPN (user principal name, e.g. user@domain.local).

 

This is the standard way that Microsoft embeds usernames (UPN format) into certificates.

 

On PAN CA generated certificates you could set the username/sAMAccountName in the subject field, but then you end up with two different user certificate formats, which would require separate certificate profiles if matching LDAP username to certificate username.

 

Whereas Microsoft's standard user certificate templates only allow the use of "common name" and "fully distinguished name" in the subject field when automatically building certificates from AD attributes.

 

Has this been remediated in newer releases? Can the PAN inbuilt CA now generate certificates with a SAN UPN field? Or is there a cleaner workaround than having to have separate certificate profiles for PAN generated user certificates vs Microsoft CA generated user certificates?

 

 

Accepted Solutions

L5 Sessionator

Hi, CMG,

 

I am running 7.0 and I just checked - not available yet. Your best bet is to submit a feature request through an SE, I think.

 

Regards

 

Luciano
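
For reference, the SAN UPN entry the question refers to is an otherName GeneralName carrying the Microsoft UPN OID 1.3.6.1.4.1.311.20.2.3 and a UTF8String. The following is an added example, not part of the original thread and not Palo Alto Networks code; it encodes that structure and extracts the UPN from a DER subjectAltName value using only the Python standard library, and its helper names are this example's own.

```python
# Added example (not from the thread); helper names are this example's own.
UPN_OID = bytes.fromhex("2b060104018237140203")  # DER body of 1.3.6.1.4.1.311.20.2.3

def tlv(tag, body):
    """Encode one DER tag-length-value element."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def read_tlv(buf, pos=0):
    """Decode the element at buf[pos]; return (tag, body, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated DER body")
    return tag, buf[pos:pos + n], pos + n

def upn_san(upn):
    """Build a subjectAltName value holding one otherName UPN entry."""
    value = tlv(0xA0, tlv(0x0C, upn.encode("utf-8")))   # [0] EXPLICIT UTF8String
    other_name = tlv(0xA0, tlv(0x06, UPN_OID) + value)  # GeneralName [0] otherName
    return tlv(0x30, other_name)                        # GeneralNames SEQUENCE

def extract_upn(san_der):
    """Return the UPN in a DER subjectAltName value, or None if absent."""
    tag, names, _ = read_tlv(san_der)
    if tag != 0x30:
        raise ValueError("subjectAltName must be a SEQUENCE")
    pos = 0
    while pos < len(names):
        tag, body, pos = read_tlv(names, pos)
        if tag != 0xA0:  # rfc822Name (0x81), dNSName (0x82), ... are not UPNs
            continue
        oid_tag, oid, after_oid = read_tlv(body)
        if oid_tag != 0x06 or oid != UPN_OID:
            continue
        wrap_tag, wrapped, _ = read_tlv(body, after_oid)
        str_tag, text, _ = read_tlv(wrapped)
        if wrap_tag == 0xA0 and str_tag == 0x0C:
            return text.decode("utf-8")
    return None
```

A certificate that carries the username only in the subject, or only as an rfc822Name SAN, yields `None` here, which is the mismatch between the two certificate formats described in the question.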
