06-04-2008 02:28 PM - edited 03-10-2019 03:53 PM
Is it possible for the VPN 3000 series Concentrator to generate the X.509 digital certificates or do you need to obtain the X.509 certificates from an outside vendor like Verisign? This is for an IPsec environment. Can the VPN Concentrator be used as a Certificate Server (CS)?
06-04-2008 03:08 PM
The VPN Concentrator supports X.509 digital certificates (International Telecommunications Union Recommendation X.509), including SSL (Secure Sockets Layer) certificates that are self-signed or issued in a PKI context.
Step 1 Display the Administration | Certificate Management screen. (See Figure 11-1.)
Step 2 Click Generate above the SSL Certificate table. The new certificate displays in the SSL Certificate table, replacing the existing one.
06-17-2008 11:29 AM
Hi Abhishek Neelakanta
CISCO SYSTEMS
Thank you very much for your response. I would like to know what are the real world lessons learned and /or encountered in using the X.509 digital certificates (not the SSL) in the VPN 3000 series concentrators and current Cisco ASA 5500 series platforms? whether the VPN concentrator can itself generate the X.509 certificate or not? I would appreciate your response as soon as possible. Thank you for your time and support.
06-17-2008 03:54 PM
SSL adopts the X.509 hierarchical certificate system.
http://www.imacat.idv.tw/tech/sslcerts.html#sslx509
X.509 is an ITU-T standard for a public key infrastructure (PKI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm
http://en.wikipedia.org/wiki/X.509
X.509 is a standard and SSL follows that, and VPN conc. and ASA5500 follows the self signed ssl cert.
Let me know if this answered your questions.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: