Feature #15527
open
IPSec Profile Wizard/Windows: Filter User Certificate by Issuer
0%
Description
Windows EAP config has an option to filter which user certificates can be used by their issuer, so only these certificates appear in the dropdown on the GUI (or if there is only one matching certificate, the user is not prompted for one). If a user certificate is included in the download archive, could the following node be included in the script to filter by that certificate's issuing CA? Or even for the VPN's configured peer CA?
...
<TLSExtensions xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">
<FilteringInfo xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV3">
<CAHashList Enabled="true">
<IssuerHash>00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 </IssuerHash>
</CAHashList>
</FilteringInfo>
</TLSExtensions>
...
This is useful in cases where the user has multiple user certificates installed with Client Authentication capability issued by different authorities (maybe just me lol), as it filters to just the certs this VPN will accept.
Files
Updated by Marcos M 26 days ago
- File ipw.txt added
- Status changed from New to Ready To Test
Try applying the following patch using the System Patches package; make sure to set the path strip count to 4.
Edit: Wrong bug.
Updated by Alex Bryant 16 days ago
Marcos M wrote in #note-1:
Try applying the following patch using the System Patches package; make sure to set the path strip count to
4.
I think this patch is intended for a different bug.