Feature #15527

open

IPSec Profile Wizard/Windows: Filter User Certificate by Issuer

Added by Alex Bryant 7 months ago. Updated 6 months ago.

Status: New
Priority: Low
Assignee: -
Category: IPsec Profile Wizard
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:

Description

Windows EAP config has an option to filter which user certificates can be used by their issuer, so only these certificates appear in the dropdown on the GUI (or if there is only one matching certificate, the user is not prompted for one). If a user certificate is included in the download archive, could the following node be included in the script to filter by that certificate's issuing CA? Or even for the VPN's configured peer CA?

...
<TLSExtensions xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">
     <FilteringInfo xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV3">
          <CAHashList Enabled="true">
               <IssuerHash>00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 </IssuerHash>
          </CAHashList>
     </FilteringInfo>
</TLSExtensions>
...

This is useful in cases where the user has multiple user certificates installed with Client Authentication capability issued by different authorities (maybe just me lol), as it filters to just the certs this VPN will accept.


Files

example-vpn-config.xml (1.95 KB): Example EAP Host Config with this option. Alex Bryant, 05/30/2024 06:13 PM
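The node requested above can be generated and audited as follows. This is an added example, not part of the original request and not pfSense code. It assumes `IssuerHash` is the SHA-1 thumbprint of the issuing CA certificate's DER encoding, which is consistent with the 20-byte placeholder in the request. The function names and sample byte strings are hypothetical.

```python
import hashlib
import ssl
import xml.etree.ElementTree as ET

V2 = "http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2"
V3 = "http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV3"

def thumbprint(cert):
    """SHA-1 over the DER encoding; accepts DER bytes or a PEM string (assumed hash type)."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    return hashlib.sha1(der).hexdigest()

def spaced(hex_digest):
    """Format hex digits as the byte-spaced form shown in the request."""
    return " ".join(hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2)) + " "

def tls_extensions(ca_certs):
    """Build the TLSExtensions node with one IssuerHash per accepted issuing CA."""
    hashes = "\n".join(
        "               <IssuerHash>%s</IssuerHash>" % spaced(thumbprint(c))
        for c in ca_certs)
    return ('<TLSExtensions xmlns="%s">\n'
            '     <FilteringInfo xmlns="%s">\n'
            '          <CAHashList Enabled="true">\n%s\n'
            '          </CAHashList>\n'
            '     </FilteringInfo>\n'
            '</TLSExtensions>' % (V2, V3, hashes))

def configured_issuers(xml_text):
    """Return normalized hashes from enabled CAHashList nodes; reject malformed values."""
    found = set()
    for ca_list in ET.fromstring(xml_text).iter("{%s}CAHashList" % V3):
        if ca_list.get("Enabled", "").lower() != "true":
            continue  # a disabled list does not filter anything
        for node in ca_list.iter("{%s}IssuerHash" % V3):
            digest = "".join((node.text or "").split()).lower()
            if len(digest) != 40 or any(ch not in "0123456789abcdef" for ch in digest):
                raise ValueError("IssuerHash is not a 20-byte hex value: %r" % node.text)
            found.add(digest)
    return found

# Constructed stand-ins for DER-encoded CA certificates (not real certificates).
VPN_CA = b"constructed bytes standing in for the VPN CA certificate"
OTHER_CA = b"constructed bytes standing in for an unrelated CA certificate"

if __name__ == "__main__":
    node = tls_extensions([VPN_CA])
    print(node)
    print(thumbprint(VPN_CA) in configured_issuers(node))
```

`configured_issuers` can also be run over a full EAP host config to confirm that a deployed profile filters on the intended CA before it is distributed.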
Actions #1

Updated by Marcos M 7 months ago

  • File ipw.txt added
  • Status changed from New to Ready To Test

Try applying the following patch using the System Patches package; make sure to set the path strip count to 4.

Edit: Wrong bug.

Actions #2

Updated by Alex Bryant 6 months ago

Marcos M wrote in #note-1:

Try applying the following patch using the System Patches package; make sure to set the path strip count to 4.

I think this patch is intended for a different bug.

Actions #3

Updated by Marcos M 6 months ago

  • File deleted (ipw.txt)
Actions #4

Updated by Marcos M 6 months ago

  • Status changed from Ready To Test to New