Strict User/CN Matching

  • I am using a Windows CA for client certificates, and it generates certificates that have the Subject "John Doe" and the Subject Alternative Name is (Other RFC822
    I also use Windows RADIUS server for authentication.
    I can log in to my company with user if I turn the Strict User/CN Matching off.
    If I turn it on, there is a message in the server log: != John Doe and it doesn't allow me in.
    Is there a way to tell pfSense OpenVPN server to look at the Subject Alternative Name (other name) too, not just the Subject?
    I can leave it off, but it could be a bit of a security flaw, since a person who wishes to log in could use any certificate, not just his own.
    BTW, pfSense is a great product.