30 Mar
2015
30 Mar
'15
9:13 a.m.
Franks Andy (IT Technical Architecture Manager) wrote:
I was wondering if there is any way I could read a TLS client certificate field (probably MS specific) called "Certificate Template Information". We have an M$ CA (for now), and one of the strings within this field contains the name of the certificate template, which I want to check, to make sure that people aren't making up their own cert templates and randomly giving wireless access to people in the wrong way (I have good reason).
I think your idea is the completely wrong approach for the problem. Make sure you have your PKI under your control => ensure that "people" cannot make up their own cert templates. Ciao, Michael.