Certificate owner - Subject alternative name attributes

By default, the attribute entry box associated with the "Subject Alternative Name" item, within the "Certificate owner" entry, contains OtherName.UPN=(.*). This tells HPE OneView to extract the user name from the "OtherName.UPN" attribute within the Subject Alternative Name field of the certificate on the smart card. This is the user name that HPE OneView uses to query the enterprise directory.

You can edit the value so that HPE OneView searches for the user name in additional attributes within Subject Alternative Name. The options include:

  • OtherName.UPN=(.*)
    The Microsoft certificate viewer displays "OtherName.UPN" under Subject Alternative Name as:
    Other Name:
              Principal Name=John.Doe@test.com
  • OtherName.RFC822Name=(.*)
    The Microsoft certificate viewer displays "OtherName.RFC822Name" as:
    Other Name:
              RFC822 Name=John.Doe@test.com
  • RFC822Name=(.*)
    The Microsoft certificate viewer displays "RFC822Name" as:
    RFC822 Name=John.Doe@test.com
  • DirName=(.*)
    The Microsoft certificate viewer displays "DirName" under Subject Alternative Name as:
     Directory Address:
               CN=John Doe
               OU=Test Group
               O=Test Org
               C=US
               DC=test
               DC=com

Use a comma-separated list to include multiple values in the entry field, allowing HPE OneView to search multiple Subject Alternative Name attributes for a valid user name.

NOTE:

You can instruct HPE OneView to search for the user name within the attributes of the "Subject" field of the smart card certificate (either in addition to, or instead of, searching within "Subject Alternative Name" attributes). See the subject entry in the "Certificate owner" field for details.

Subject Alternative Name multiple attribute entry example

OtherName.UPN=(.*),OtherName.RFC822Name=(.*),RFC822Name=(.*),DirName=(.*)
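
To preview which attribute an entry string like the one above would select for a given certificate, the following added example (not HPE code) parses the entry and applies it to a constructed set of Subject Alternative Name values. It assumes the attributes are tried in the order listed and that the first capture group is the user name; the page does not state HPE OneView's matching rules, and `parse_entry`, `extract_user` and the sample values are hypothetical.

```python
import re

# Attribute names this page lists for Subject Alternative Name.
KNOWN_ATTRS = ("OtherName.UPN", "OtherName.RFC822Name", "RFC822Name", "DirName")

def parse_entry(entry):
    """Split 'Attr=(regex),Attr=(regex)' into ordered (attr, compiled regex) pairs."""
    # Split only on commas that begin a new known attribute, so a comma
    # inside a regular expression does not break the entry apart.
    names = "|".join(re.escape(a) for a in KNOWN_ATTRS)
    parts = re.split(r",\s*(?=(?:%s)=)" % names, entry.strip())
    rules = []
    for part in parts:
        attr, sep, pattern = part.partition("=")
        if not sep or attr not in KNOWN_ATTRS:
            raise ValueError("unrecognised entry: %r" % part)
        rx = re.compile(pattern)
        if rx.groups < 1:
            raise ValueError("%s pattern needs a capture group" % attr)
        rules.append((attr, rx))
    return rules

def extract_user(entry, san):
    """Return (attr, user name) from the first rule that matches, else None.

    Assumption: rules are tried left to right and group 1 is the user name.
    """
    for attr, rx in parse_entry(entry):
        value = san.get(attr)
        if value is None:
            continue  # attribute absent from this certificate
        m = rx.fullmatch(value)
        if m and m.group(1):  # skip empty captures; (.*) also matches ""
            return attr, m.group(1)
    return None

# Constructed sample: SAN values as they might be read from a smart card
# certificate that has no OtherName entries. DirName is flattened to one line.
SAMPLE_SAN = {
    "RFC822Name": "John.Doe@test.com",
    "DirName": "CN=John Doe,OU=Test Group,O=Test Org,C=US,DC=test,DC=com",
}
ENTRY = "OtherName.UPN=(.*),OtherName.RFC822Name=(.*),RFC822Name=(.*),DirName=(.*)"

if __name__ == "__main__":
    print(extract_user(ENTRY, SAMPLE_SAN))
```

With `(.*)` the whole attribute value becomes the user name, so the order of attributes in the entry decides which identity is sent to the directory query when a certificate carries more than one of them.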