OPERATIONAL DEFECT DATABASE
...
...
If the configuration requires that the serial number of the certificate is used as the username, the mapping will change the target of the SER option from the DN serialNumber attribute to the serial number from the body of the certificate. Example: username-from-certificate SER
-ASA or FTD -Require DN serialNumber in the subject field of the certificate to match the username for the certificate username-from-certificate SER secondary-username-from-certificate SER
To restore the behavior where the serial number attribute from the subject DN is taken as the username, a script can be created with the following content: Anyconnect Connection profile > Edit the target Connection profile >Advanced>Authentication # Select "Use Script to select username" option and click on "Add" # Select "Use custom script in Lua format" and add following return cert.subject.ser # click OK # from drop down menu, select the name of script created and click ok. # Click save and apply to ASA.
restore the behavior where the serial number attribute from the subject DN is taken as the username
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
