Authentication Certificate Mode: <NotRequired/Validation/Authentication>
Controls the level of security required to allow client systems (typically web browsers) to communicate with the VCS over HTTPS.
Default: NotRequired.
NotRequired: the client system does not have to present any form of certificate.
Validation: the client system must present a valid certificate that has been signed by a trusted certificate authority (CA). Note that a restart is required if you are changing from Not required to Certificate validation.
Authentication: the client system must present a valid certificate that has been signed by a trusted CA and contains the client's authentication credentials. When this mode is enabled, the standard login mechanism is no longer available.
Example:
xConfiguration Authentication Certificate Mode: NotRequired
Authentication Certificate UsernameRegex: <String>
The regular expression to apply to the client certificate presented to the VCS. Use the (?<name>regex) syntax to supply names for capture groups so that matching sub-patterns can be substituted in the associated template. Default: /Subject:.*CN= (?<captureCommonName>([^,\]|(\,))*)/m
Example:
xConfiguration Authentication Certificate UsernameRegex: "/Subject:.*CN= (?<captureCommonName>([^,\]|(\,))*)/m"
Authentication Certificate UsernameTemplate: <String>
A template containing a mixture of fixed text and the capture group names used in the Regex. Delimit each capture group name with #, for example, prefix#Group1#suffix. Each capture group name will be replaced with the text obtained from the regular expression processing. The resulting string is used as the user's authentication credentials (username). Default: #captureCommonName#
Example:
xConfiguration Authentication Certificate UsernameTemplate: "#captureCommonName#"
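The UsernameRegex and UsernameTemplate settings above, worked through as an added example (not code from the Cisco guide): a Python harness that applies a regex/template pair to subject text and reports any certificate that would not map to the expected username, which is worth checking before Authentication mode removes the standard login. The subject lines are constructed samples; the exact text the VCS passes to the regex and the doubled-backslash spelling of the default pattern are assumptions.

```python
import re

# Page default, with backslashes spelled out in full (assumed intent: the CN
# value runs to the first comma that is not escaped as "\,").
DEFAULT_REGEX = r"/Subject:.*CN= (?<captureCommonName>([^,\\]|(\\,))*)/m"
DEFAULT_TEMPLATE = "#captureCommonName#"
FLAGS = {"m": re.M, "i": re.I, "s": re.S}

def compile_spec(spec):
    """Compile a '/pattern/flags' string into a Python regex."""
    parts = re.fullmatch(r"/(.*)/([a-z]*)", spec, re.S)
    if parts is None:
        raise ValueError("expected /pattern/flags")
    pattern, flags = parts.groups()
    # Python spells named groups (?P<name>...) rather than (?<name>...).
    pattern = re.sub(r"\(\?<([A-Za-z_]\w*)>", r"(?P<\1>", pattern)
    bits = 0
    for f in flags:
        bits |= FLAGS[f]
    return re.compile(pattern, bits)

def derive_username(subject_text, regex=DEFAULT_REGEX, template=DEFAULT_TEMPLATE):
    """Return the username the regex/template pair yields, or None if no match."""
    match = compile_spec(regex).search(subject_text)
    if match is None:
        return None  # no username: this certificate cannot log in
    groups = match.groupdict()
    def fill(ref):
        name = ref.group(1)
        if groups.get(name) is None:
            raise ValueError(f"template names unknown or unmatched group {name!r}")
        return groups[name]
    return re.sub(r"#(\w+)#", fill, template)

# Constructed subject lines and the usernames an administrator expects.
EXPECTED = [
    ("Subject: C=US, O=Example, CN= alice", "alice"),
    ("Subject: CN= Smith\\, Alice, O=Example", "Smith\\, Alice"),
    ("Subject: CN= first, OU=Video, CN= second", "second"),  # greedy .* takes the last CN
    ("Subject: O=Example, OU=Video", None),                  # no CN, no username
]

def mismatches(cases=EXPECTED, regex=DEFAULT_REGEX, template=DEFAULT_TEMPLATE):
    """List (subject, expected, actual) for every case that maps wrongly."""
    return [(s, want, got) for s, want in cases
            if (got := derive_username(s, regex, template)) != want]

if __name__ == "__main__":
    for row in mismatches():
        print("MISMATCH", row)
```

An empty result from `mismatches()` means every sample subject mapped to the username that was expected for it.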
Authentication H350 BindPassword: <S: 0, 60>
Sets the password to use when binding to the LDAP server.
Example:
xConfiguration Authentication H350 BindPassword: "abcXYZ_123"
Authentication H350 BindSaslMode: <None/DIGEST-MD5>
The SASL (Simple Authentication and Security Layer) mechanism to use when binding to the LDAP server. Default: DIGEST-MD5.
None: no mechanism is used.
DIGEST-MD5: the DIGEST-MD5 mechanism is used.
Example:
xConfiguration Authentication H350 BindSaslMode: DIGEST-MD5
Authentication H350 BindUserDn: <S: 0, 500>
Sets the user distinguished name to use when binding to the LDAP server.
Example:
xConfiguration Authentication H350 BindUserDn: "manager"
Authentication H350 BindUserName: <S: 0, 500>
Sets the username to use when binding to the LDAP server. Only applies if using SASL.
Example:
xConfiguration Authentication H350 BindUserName: "manager"
Authentication H350 DirectoryBaseDn: <S: 0, 500>
Sets the Distinguished Name to use when connecting to an LDAP server.
Example:
xConfiguration Authentication H350 DirectoryBaseDn: "dc=example,dc=company,dc=com"
Authentication H350 LdapEncryption: <Off/TLS>
Sets the encryption to use for the connection to the LDAP server. Default: TLS.
Off: no encryption is used.
TLS: TLS encryption is used.
Example:
xConfiguration Authentication H350 LdapEncryption: TLS
Authentication H350 LdapServerAddress: <S: 0, 256>
The IP address or Fully Qualified Domain Name of the LDAP server to use when making LDAP queries for device authentication.
Example:
xConfiguration Authentication H350 LdapServerAddress: "ldap_server.example.com"
Cisco VCS Administrator Guide (X8.1.1)
Reference material
Command reference — xConfiguration