I'm currently trying to get my ASA 5540 (7.22) to support client certificate authentication (in addition to AAA) for the SSL VPN client. I have no existing PKI infrastructure, so I'm trying to figure out if the ASA can do standalone client certificate authentication.
I know enabling certificate authentication is as easy as enabling it on the interface, but is there any way to tell the ASA to authorize all certs with CN of @mydomain.com?
So, I'm basically looking for a way to install certificates on client machines and then have the ASA authenticate those users without having any sort of independent revocation list.
I've been reading the following articles:
Also, I haven't checked to see if this is possible with 8.0, so I'm off to read those docs.
Any help would be greatly appreciated.