Forum Discussion

Jonas_Karlsson_'s avatar
Icon for Nimbostratus rankNimbostratus
Oct 10, 2018

Insert missing UPN into certificate?

Hi, I'm trying to insert the UPN field in an smartcard authentication session and sent that smartcard info to the beackend servers. Today I've got smartcards that are missing the othername:UPN and the application requires the UPN field


the field in the certificate today have


X509v3 Subject Alternative Name: email:user@domain


Is there any way to use "SSL::extensions insert" or other function to get the result below?


X509v3 Subject Alternative Name: othername:UPN, email:user@domain




3 Replies

  • SSL::extensions is designed to insert parameters into the server side SSL handshake, not to modify attributes of a certificate. In fact if you tried to manipulate the certificate, you'd break its corresponding digital signature.


    On a side note, if you attach SSL profiles to a VIP, you cannot send the smart card certificate all the way to the server.


  • Thank you. That is good to know that a certificate can't be modified without breaking the signatures.


    But maybe there is another way? Let's say you use the smartcard without the preffered attributes just to start an APN session by mapping the login with another attribute on the certificate. Then query AD for the user account. Then somehow make a new temporary certificate (bake it within f5) to present to the server that now holds the preffered attributes. Maybe ,probably better to reissue the smartcards (thousands..)