08-27-2015 04:03 AM
PANOS 6.05 inbuilt PAN certificate authority doesnt seem to have the ability to generate a certificate with subjectalternate value for UPN (user principal name e.g user@domain.local ).
This is the standard way that Microsoft embeds usernames (UPN format) into certificates,
On PAN CA generated certificates you could set the username/samaccountname in the subject field.. but then you end up with two different user certificate formattings, which would require separate certificate profiles if matching LDAP username to Certificate username..
Wheras microsoft's standard user certificate templates only allow the use of "common name" and "fully distinguished name" in the subject field when automatically building certificates from AD attributes..
Has this been remediated in newer releases? Can the PAN inbuilt CA now generate certificates with SAN UPN field? or is there a cleaner workaround then having to have separate certificate profiles for PAN generated user certificates vs Microsoft CA generated user certificates?
08-27-2015 01:59 PM
Hi, CMG,
I am running 7.0 and I just checked - not available yet. Your best bet is to submit a feature request through a SE, I think.
Regards
Luciano
08-27-2015 01:59 PM
Hi, CMG,
I am running 7.0 and I just checked - not available yet. Your best bet is to submit a feature request through a SE, I think.
Regards
Luciano
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
