How To: Map X.509 Attributes

This is done with a Mapping Task, in which you map an X.509 attribute such as the subject, issuer or serial number:

Go to Gateway > Task Policies and click on Task Lists

Click New and name your task list, such as "Map Serial Number Task", and then click Apply

Click New, select Map Attributes and Headers, then click Next

Click New and fill in the following:

 

Source Type:      X.509 Attribute

Source Name*: serialnumber

Target Type:       Protocol Header

Target Name*:  TargetNameSN

 

Click Next and then Save

 

Add a new Task List Group named "Map Serial Number Task List Group" and click Create

Click Add to add your new task list "Map Serial Number Task", then click Apply and Save

 

The Task List Group should look like this:

[Screenshot: Map_x.509.png]

Associate the Task List Group with a policy and test. The system log should now show you something like:

Mapping X.509 Attribute 'serialnumber' to Protocol Header 'TargetNameSN' value '8C7A694D D98B9EFC'

 

 

Further, the mapping task in this example also accepts the following OIDs or extension names as the Source Name:

OID (Object Identifier)    Extension Name
2.5.29.14                  SubjectKeyIdentifier
2.5.29.15                  KeyUsage
2.5.29.16                  PrivateKeyUsage
2.5.29.17                  SubjectAlternativeName
2.5.29.18                  IssuerAlternativeName
2.5.29.19                  BasicConstraints
2.5.29.30                  NameConstraints
2.5.29.33                  PolicyMappings
2.5.29.35                  AuthorityKeyIdentifier
2.5.29.36                  PolicyConstraints

For example, you might want to use the SubjectKeyIdentifier. In this case you would use “2.5.29.14” for the Source Name:

Source Type:      X.509 Attribute

Source Name*: 2.5.29.14

Target Type:       Protocol Header

Target Name*:  SomeName
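To cross-check the value the gateway logs against the client certificate you are testing with, the following added example (not part of the original article or the product) reads the serial number and the extension OIDs from a DER-encoded certificate using only the Python standard library. The function names, the constructed skeleton certificate and the grouping of the serial into 8-digit blocks (inferred from the single log line above) are assumptions.

```python
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """List the (tag, value_start, value_end) elements inside a constructed value."""
    out = []
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def decode_oid(raw):
    arcs, val = [], 0
    for byte in raw:                       # base-128 digits, high bit = continuation
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)          # first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def cert_fields(der):
    """Return (serial as spaced hex, {extension OID: raw extnValue bytes})."""
    _, cs, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, ts, te = read_tlv(der, cs)          # tbsCertificate SEQUENCE
    items = children(der, ts, te)
    s = items[1] if items[0][0] == 0xA0 else items[0]   # skip optional [0] version
    h = f"{int.from_bytes(der[s[1]:s[2]], 'big'):X}"
    h = "0" * (len(h) % 2) + h             # whole bytes; grouping by 8 is an assumption
    serial = " ".join(h[i:i + 8] for i in range(0, len(h), 8))
    exts = {}
    for tag, vs, _ in items:
        if tag == 0xA3:                    # [3] EXPLICIT extensions
            _, qs, qe = read_tlv(der, vs)
            for _, es, ee in children(der, qs, qe):
                parts = children(der, es, ee)   # extnID, optional critical, extnValue
                exts[decode_oid(der[parts[0][1]:parts[0][2]])] = der[parts[-1][1]:parts[-1][2]]
    return serial, exts

# Constructed sample: an unsigned certificate skeleton (empty name/key fields),
# just enough structure to exercise the parser. Elements are under 128 bytes.
tlv = lambda tag, body: bytes([tag, len(body)]) + body
SKI_EXT = tlv(0x30, tlv(0x06, bytes.fromhex("551d0e")) + tlv(0x04, bytes.fromhex("0414" + "ab" * 20)))
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes.fromhex("008c7a694dd98b9efc"))
          + tlv(0x30, b"") * 5 + tlv(0xA3, tlv(0x30, SKI_EXT)))
SAMPLE = tlv(0x30, TBS + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

For a real certificate, pass the DER bytes of the client certificate to cert_fields and confirm that the OID you entered as Source Name appears in the returned dictionary before testing the policy.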

 

 

 

 
