Certificates with password
mzimmerman at gmail.com
Wed Apr 5 09:13:50 PDT 2017
The client certificates I would like to use for ocserv are issued as
part of another business process and I can't re-issue them. They
don't have the usernames I would like to use embedded in them. They
do have an email address as the SAN(rfc822name).
I can see the username (email) getting extracted during the login
process, however the anyconnect client then disconnects. I can't tell
from the ocserv logs (running -d 9999) what the reason why is.
When I think about what needs to happen however, I have specified the
authentication of the certificate/user, but there's no location in the
config where I give certain users authorization. How does that work?
As an aside, I tried to use ocpasswd to create passwords for the email
addresses associated with the certificates, however that doesn't seem
to work either.
Finally as a last resort, is it possible to do the certificate
verification (meaning that they're issued by a trusted CA) only and
then use the password for the actual authentication?
More information about the openconnect-devel