Cert check: Subject Alternative Name/User Principal Name

Scripts which allow the use of special authentication methods (LDAP, AD, MySQL/PostgreSQL, etc).

Moderators: TinCanTech

Flexstarr
OpenVpn Newbie
Posts: 2
Joined: Thu Jan 12, 2012 7:40 pm


Post by Flexstarr » Mon Apr 14, 2014 1:09 pm

Hello,

as stated in the changelog, OpenVPN has some new features for playing with X509 certs since 2.3.0:

New feature: --x509-track option, more fine grained access to X.509 fields in scripts and plug-ins
New feature: --x509-username-field, where other X.509v3 fields can be used for the authentication instead of Common Name

Challenge:
We would like to check if the user login name John.Doe@example.com is the same as the "User Principal Name" in the "Subject Alternative Name" field in the client cert.
The value of this field looks like this:

Other Name:
     Principal Name=John.Doe@example.com
RFC822 Name=john.doe@example.com

How can this be accomplished?

Re: Cert check: Subject Alternative Name/User Principal Name

Post by Flexstarr » Thu May 22, 2014 8:19 am

Nobody did this before?! :roll:
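
Added example, not part of the thread and not OpenVPN code: the comparison asked about above, done on the DER bytes of the certificate's subjectAltName extension value, where the User Principal Name is an otherName entry with OID 1.3.6.1.4.1.311.20.2.3. It assumes a verification script already holds those bytes (how OpenVPN hands them over is not shown); the function names are hypothetical and the case-insensitive comparison is an assumption.

```python
# Added example (not from the thread): find the UPN in a DER subjectAltName value.
UPN_OID = bytes.fromhex("2b060104018237140203")   # 1.3.6.1.4.1.311.20.2.3 (msUPN)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def san_names(san_der):
    """Return (upn_list, rfc822_list) from a GeneralNames SEQUENCE."""
    tag, body, end = read_tlv(san_der, 0)
    if tag != 0x30 or end != len(san_der):
        raise ValueError("not a single GeneralNames SEQUENCE")
    upns, mails = [], []
    for tag, val in children(body):
        if tag == 0x81:                            # rfc822Name [1] IA5String
            mails.append(val.decode("ascii"))
        elif tag == 0xA0:                          # otherName [0] {OID, [0] value}
            parts = list(children(val))
            if len(parts) == 2 and parts[0] == (0x06, UPN_OID) and parts[1][0] == 0xA0:
                inner = list(children(parts[1][1]))
                if len(inner) == 1 and inner[0][0] == 0x0C:   # UTF8String
                    upns.append(inner[0][1].decode("utf-8"))
    return upns, mails

def login_matches_upn(login, san_der):
    """True only if the SAN holds exactly one UPN equal to login (case ignored: assumption)."""
    upns, _ = san_names(san_der)
    return len(upns) == 1 and upns[0].casefold() == login.casefold()

def _tlv(tag, value):                              # builds the constructed sample below
    return bytes([tag, len(value)]) + value

# Constructed sample SAN carrying the two names shown in the post.
SAMPLE_SAN = _tlv(0x30,
    _tlv(0xA0, _tlv(0x06, UPN_OID) + _tlv(0xA0, _tlv(0x0C, b"John.Doe@example.com")))
    + _tlv(0x81, b"john.doe@example.com"))
```

A certificate that carries only the RFC822 name, or more than one UPN, fails the check instead of falling back to another field.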
