Strict User/CN Matching
I am using a Windows CA for client certificates, and it generates certificates that have the Subject "John Doe" and the Subject Alternative Name (Other Name: email@example.com, RFC822 Name: firstname.lastname@example.org).
I also use a Windows RADIUS server for authentication.
I can log in to my company with user email@example.com if I turn Strict User/CN Matching off.
If I turn it on, there is a message in the server log: firstname.lastname@example.org != John Doe and it doesn't allow me in.
Is there a way to tell pfSense OpenVPN server to look at the Subject Alternative Name (other name) too, not just the Subject?
I can leave it off, but it could be a bit of a security flaw, since a person who wishes to log in could use any certificate, not just his own.
BTW, pfSense is a great product.