config-client-cert-auth

config-client-cert-auth 
[-c value | --configuration=value] 
[-b value | --bootstrap-config=value] 
<-n value | --name-attribute=value> 
[-d <true|false> | --name-attribute-contains-domain=<true|false>]

Overview

Use this command to configure the X.509 certificate name attribute used for the CLIENT_CERT authentication method.

Options


Option	Optional or Required	Default Value	Description
`-c value --configuration=value`	Optional	configuration.xml	The path to the server configuration file.
`-b value --bootstrap-config=value`	Optional	none	The path to the bootstrap configuration file. See Bootstrap.xml file for more information about this file.
`-n value --name-attribute=value`	Required	none	The name of the attribute used to extract user names from X.509 certificates. Supported attributes are: Any attribute that can occur in the certificate subject’s distinguished name (for instance "CN") "DN" (use the whole distinguished name) Any subject alternative name of type "rfc822Name", "dNSName", "directoryName", "uniformResourceIdentifier", "iPAddress", or "registeredID". To use a subject alternative name, make sure the name attribute has the prefix "subjectAltName:". If more than one subject alternative name is present in the certificates, you can add an index prefixed with a pound sign (#).
`d <true\|false> --name-attribute-contains-domain=<true\|false>`	Optional	false	Indicates whether the specified name attribute contains a fully-qualified account name, with both a user name part and a domain name part.