topic Re: Terminating Endpoint Connect with user certificate (CN) in SASE and Remote Access

Terminating Endpoint Connect with user certificate (CN)

CP-Shark — Wed, 14 Dec 2022 15:51:28 GMT

Hi guys,

I want to implement the Endpoint Connect VPN solution using Remote Access VPN Blade provided by Harmony.
It is working fine if I am using the Fully distinguished name (FQDN) in the certificate (MS Enterprise PKI):

But with this configuration I have the issue that when a user moves to another organisation unit in Active Directory the VPN is not connecting anymore and this is based on the configuration totally fine and correct. But in an environment with 5000+ users this is not handable so I want to use common name or email address. The change in the certificate template is not the problem, but if I change the Authentications settings on the gateway like this (or Subject Alternative Name.Email)

the VPN is not connecting anymore with error -> User CN=Common Name unknown.

I am sure that this is not a unique requirement but I don´t now what I need to change to get this working.

Cheers,
Olli

Re: Terminating Endpoint Connect with user certificate (CN)

CP-Shark — Tue, 20 Dec 2022 08:59:54 GMT

Any ideas on this issue?

Re: Terminating Endpoint Connect with user certificate (CN)

PhoneBoy — Tue, 20 Dec 2022 23:57:05 GMT

Have you opened a TAC case?

Re: Terminating Endpoint Connect with user certificate (CN)

cenes — Tue, 09 Apr 2024 08:25:51 GMT

Any updates on this?

Thanks.

Re: Terminating Endpoint Connect with user certificate (CN)

_Val_ — Tue, 09 Apr 2024 13:22:53 GMT

Most probably no, considering the post is from year 2022.