Policy Server Guides › Policy Design Guide › SiteMinder Test Tool › Certificate-based Authentication Tests › Custom Attribute Mappings for Testing › Create Custom Certificate Mappings

Create Custom Certificate Mappings

You can use the certificate mapping feature of the SiteMinder Policy Server to create custom mappings for certificates.

Note: When you create or modify a Policy Server object in the Policy Server User Interface, use ASCII characters. Object creation or modification with non-ASCII characters is not supported.

To create and use a custom attribute in a certificate mapping

1. Open the Policy Server User Interface.
2. From the menu bar, select Advanced, Certificate Mapping.

   The Certificate Mappings dialog box opens.

3. To add a new mapping, click Add. To modify an existing mapping, select the mapping and click Edit.

   The Certificate Mapping Properties dialog opens.

4. In the Issuer DN field, enter the full issuer DN.
5. In the Mapping group box, select the custom Custom radio button.
6. Enter an expression similar to the following for the attributes mentioned in Certificate Attributes that Require Custom Mappings.

   Note: This notation specifies two different attributes that are acceptable for a certificate mapping.

   • For Email:

     %{E/Email}

   • For ST:

     %{S/ST}

   • For User Id:

     %{UID/UserID}

7. Click OK to save your changes and close the Certificate Mapping Properties dialog.

The Policy Server should now handle requests from different certificate-generation tools (such as certutil.exe and OpenSSL) and the SiteMinder Test tool where the Email attribute is represented differently in the Issuer DN. You can use this process for any of the other attributes mentioned in Certificate Attributes that Require Custom Mappings.

More Information:

Certificate Mapping