Test the outcome of applying the regex and template patterns that retrieve a certificate's authorization credentials (the username).

You can test against:
- a certificate on your local file system
- the browser's currently loaded certificate

To test if a certificate is valid:
1. Select the Certificate source. You can choose to:
   - upload a test file from your file system in either PEM or plain text format; if so click Browse to select the certificate file you want to test
   - test against the certificate currently loaded into your browser (only available if the system is already configured to use Certificate validation and a certificate is currently loaded)
2. Ignore the Certificate-based authentication pattern section - this is only relevant if you are extracting authorization credentials from the certificate.
3. Click Check certificate.
4. The results of the test are shown in the Certificate test results section.

To retrieve authorization credentials (username) from the certificate:
1. Select the Certificate source as described above.
2. Configure the Regex and Username format fields as required. Their purpose is to extract a username from the nominated certificate by supplying a regular expression that will look for an appropriate string pattern within the certificate. The fields default to the currently configured settings on the Certificate-based authentication configuration page but you can change them as required.
   - In the Regex field, use the (?<name>regex) syntax to supply names for capture groups so that matching sub-patterns can be substituted in the associated Username format field, for example, /(Subject:.*, CN=(?<Group1>.*))/m. The regex defined here must conform to PHP regex guidelines.
   - The Username format field can contain a mixture of fixed text and the capture group names used in the Regex. Delimit each capture group name with #, for example, prefix#Group1#suffix. Each capture group name will be replaced with the text obtained from the regular expression processing.
3. Click Check certificate.
   The results of the test are shown in the Certificate test results section. The Resulting string item is the username credential that would be checked against the relevant authorization mechanism to determine that user's authorization (account access) level.
4. If necessary, you can modify the Regex and Username format fields and repeat the test until the correct results are produced.
   Note that if the Certificate source is an uploaded PEM or plain text file, the selected file is temporarily uploaded to the VCS when the test is first performed:
   - if you want to keep testing different Regex and Username format combinations against the same file, you do not have to reselect the file for every test
   - if you change the contents of your test file on your file system, or you want to choose a different file, you must click Browse again and select the new or modified file to upload
5. If you have changed the Regex and Username format fields from their default values and want to use these values in the VCS's actual configuration (as specified on the Certificate-based authentication configuration page) then click Make these settings permanent.
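
The Regex and Username format processing described in the steps above, emulated in JavaScript as an added example (not Cisco's code and not taken from the guide). The certificate text and the tighter pattern are constructed for illustration, and treating a non-matching regex or unknown group name as a failed test is an assumption.

```javascript
// Added illustration: emulates the Regex + Username format test in JavaScript.
// Not VCS code; the substitution follows the description in the steps above.

// Constructed sample: part of a plain text certificate dump.
const SAMPLE_CERT_TEXT = [
  "Certificate:",
  "    Data:",
  "        Issuer: C=US, O=Example CA, CN=Example Issuing CA",
  "        Subject: C=US, O=Example Corp, CN=alice, emailAddress=alice@example.com",
].join("\n");

// Turn a PHP-style "/pattern/flags" string into a RegExp.
function parseDelimitedRegex(text) {
  const end = text.lastIndexOf("/");
  if (text[0] !== "/" || end <= 0) throw new Error("expected /pattern/flags");
  return new RegExp(text.slice(1, end), text.slice(end + 1));
}

// Replace each #GroupName# in the format with the text that group captured.
// Assumption: no match, or a name the regex never captured, yields null.
function resultingString(certText, regexText, usernameFormat) {
  const match = parseDelimitedRegex(regexText).exec(certText);
  if (!match) return null;
  const groups = match.groups || {};
  let missing = false;
  const out = usernameFormat.replace(/#([A-Za-z_][A-Za-z0-9_]*)#/g, (whole, name) => {
    if (groups[name] === undefined) { missing = true; return whole; }
    return groups[name];
  });
  return missing ? null : out;
}

// The guide's example pattern: the greedy .* capture runs to the end of the line.
const LOOSE = "/(Subject:.*, CN=(?<Group1>.*))/m";
// Hypothetical tighter pattern: stop the capture at the next comma or line end.
const TIGHT = "/Subject:.*, CN=(?<Group1>[^,\\n]+)/m";

console.log(resultingString(SAMPLE_CERT_TEXT, LOOSE, "#Group1#"));
console.log(resultingString(SAMPLE_CERT_TEXT, TIGHT, "#Group1#"));
console.log(resultingString(SAMPLE_CERT_TEXT, TIGHT, "prefix#Group1#suffix"));
```

On this sample the guide's example pattern captures everything after CN= to the end of the Subject line, so confirm that the Resulting string is exactly the intended username before clicking Make these settings permanent.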
Note:
Cisco VCS Administrator Guide (X8.1.1)