local user fix for cert CN identification

[jworkmanjc]

Issues

• SA-3225 - Local Username Certificate CN Fix

What does this solve?

Previously when generating certificates with users who also have a systemUsername (local username account field set). The resulting certificates were generated with a users 'systemUsername'. Radius authentication only matches a user's username and user's with these certificates would never be allowed to access a radius backed network.

This change tracks a user's localUsername and username (if both exist). Certs are generated with the users username but installed to the localUsername directory.

Is there anything particularly tricky?

How should this be tested?

• Associate a user who has a systemUsername (local username account field set) to a radius access group
• Generate a radius user certificate for this user
• distribute the radius certificate to the user's macOS and windows system
• the certificate should install
• the certificate should allow a user to access a radius backed network even though their localUsername is different from the CA in the resulting certificate.

Screenshots

[jworkmanjc]

Tested both Windows/ macOS deployments.

Both users have a local username, the installation scripts correctly install the certificate, certificate auth to radius network will not throw handshake failure.

[kmaranionjc]

Tests looks good

[gweinjc]

Certs were installed correctly for the localUser and was able to authenticate using their username