Cisco Systems ASA 5585-X Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Mapping Certificates to IPsec or SSL VPN Connection Profiles
Mapped to Group—(Display only). Connection profile to which the rule is assigned.
Field—Select the part of the certificate to be evaluated from the drop-down list.
  Subject—The person or system that uses the certificate. For a CA root certificate, the Subject and Issuer are the same.
  Alternative Subject—The subject alternative names extension allows additional identities to be bound to the subject of the certificate.
  Issuer—The CA or other entity (jurisdiction) that issued the certificate.
  Extended Key Usage—An extension of the client certificate that provides further criteria that you can choose to match.
Component—(Applies only if Subject or Issuer is selected.) Select the distinguished name component used in the rule; the components are listed in the DN Field table below.
Operator—Select the operator used in the rule:
  Equals—The distinguished name field must exactly match the value.
  Contains—The distinguished name field must include the value within it.
  Does Not Equal—The distinguished name field must not match the value.
| DN Field | Definition |
|---|---|
| Whole Field | The entire DN. |
| Country (C) | The two-letter country abbreviation. These codes conform to ISO 3166 country abbreviations. |
| Common Name (CN) | The name of a person, system, or other entity. This is the lowest (most specific) level in the identification hierarchy. |
| DN Qualifier (DNQ) | A specific DN attribute. |
| E-mail Address (EA) | The e-mail address of the person, system or entity that owns the certificate. |
| Generational Qualifier (GENQ) | A generational qualifier such as Jr., Sr., or III. |
| Given Name (GN) | The first name of the certificate owner. |
| Initials (I) | The first letters of each part of the certificate owner's name. |
| Locality (L) | The city or town where the organization is located. |
| Name (N) | The name of the certificate owner. |
| Organization (O) | The name of the company, institution, agency, association, or other entity. |
| Organizational Unit (OU) | The subgroup within the organization. |
| Serial Number (SER) | The serial number of the certificate. |
| Surname (SN) | The family name or last name of the certificate owner. |
| State/Province (S/P) | The state or province where the organization is located. |
| Title (T) | The title of the certificate owner, such as Dr. |
| User ID (UID) | The identification number of the certificate owner. |
| Unstructured Name (UNAME) | The unstructuredName attribute type specifies the name or names of a subject as an unstructured ASCII string. |
| IP Address (IP) | IP address field. |
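
The following added example (not Cisco code and not part of the original guide) models the Field, Component and Operator criteria above to show how Equals, Contains and Does Not Equal behave on the same certificates, and why Contains can map more certificates to a profile than intended. Assumptions: the simple DN parser, case-insensitive comparison, all criteria of a rule having to match, first-match rule order, the profile name ENG-VPN and the sample DNs are all hypothetical.

```python
from dataclasses import dataclass

def parse_dn(dn):
    """Split 'CN=a, OU=b, O=c' into {"CN": ["a"], ...}. Escaped commas are not handled."""
    parts = {}
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        parts.setdefault(attr.strip().upper(), []).append(value.strip())
    return parts

@dataclass
class Criterion:
    field: str      # "Subject" or "Issuer"
    component: str  # abbreviation from the DN Field table ("OU", "CN", ...) or "WHOLE"
    operator: str   # "Equals", "Contains" or "Does Not Equal"
    value: str

    def matches(self, cert):
        dn = cert[self.field]
        values = [dn] if self.component == "WHOLE" else parse_dn(dn).get(self.component, [])
        have = [v.lower() for v in values]   # assumption: case-insensitive comparison
        want = self.value.lower()
        if self.operator == "Equals":
            return want in have
        if self.operator == "Contains":
            return any(want in v for v in have)
        if self.operator == "Does Not Equal":
            return want not in have          # assumption: an absent component is "not equal"
        raise ValueError(f"unknown operator: {self.operator}")

def map_profile(cert, rules):
    """Return the profile of the first rule whose criteria all match (assumed order), else None."""
    for profile, criteria in rules:
        if all(c.matches(cert) for c in criteria):
            return profile
    return None

# Constructed sample certificates (only the DN strings matter here).
ISSUER = "CN=Example Issuing CA, O=Example Corp"
ALICE = {"Subject": "CN=alice, OU=Engineering, O=Example Corp", "Issuer": ISSUER}
BOB = {"Subject": "CN=bob, OU=Non-Engineering Contractors, O=Example Corp", "Issuer": ISSUER}

# "ENG-VPN" is a hypothetical connection profile name.
LOOSE = [("ENG-VPN", [Criterion("Subject", "OU", "Contains", "Engineering")])]
STRICT = [("ENG-VPN", [Criterion("Subject", "OU", "Equals", "Engineering"),
                       Criterion("Issuer", "CN", "Equals", "Example Issuing CA")])]

if __name__ == "__main__":
    for name, cert in (("alice", ALICE), ("bob", BOB)):
        print(name, "loose:", map_profile(cert, LOOSE), "strict:", map_profile(cert, STRICT))
```

With the Contains rule both sample certificates map to the profile; with Equals on OU plus an Issuer criterion only the intended one does.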