Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
814
Views
0
Helpful
3
Replies

VPN 3000 series Concentrator -X.509 Certificates

rrcisco2007
Level 1
Level 1

‎06-04-2008 02:28 PM - edited ‎03-10-2019 03:53 PM

Is it possible for the VPN 3000 series Concentrator to generate the X.509 digital certificates or do you need to obtain the X.509 certificates from an outside vendor like Verisign? This is for an IPsec environment. Can the VPN Concentrator be used as a Certificate Server (CS)?

Labels:
0 Helpful
3 Replies 3

aneelaka
Level 1
Level 1

‎06-04-2008 03:08 PM

The VPN Concentrator supports X.509 digital certificates (International Telecommunications Union Recommendation X.509), including SSL (Secure Sockets Layer) certificates that are self-signed or issued in a PKI context.

Step 1 Display the Administration | Certificate Management screen. (See Figure 11-1.)

Step 2 Click Generate above the SSL Certificate table. The new certificate displays in the SSL Certificate table, replacing the existing one.

http://www.cisco.com/en/US/partner/docs/security/vpn3000/vpn3000_41/administration/guide/certman.html#wp1983112

0 Helpful

rrcisco2007
Level 1
Level 1
In response to aneelaka

‎06-17-2008 11:29 AM

Hi Abhishek Neelakanta

CISCO SYSTEMS

Thank you very much for your response. I would like to know what are the real world lessons learned and /or encountered in using the X.509 digital certificates (not the SSL) in the VPN 3000 series concentrators and current Cisco ASA 5500 series platforms? whether the VPN concentrator can itself generate the X.509 certificate or not? I would appreciate your response as soon as possible. Thank you for your time and support.

0 Helpful

aneelaka
Level 1
Level 1
In response to rrcisco2007

‎06-17-2008 03:54 PM

SSL adopts the X.509 hierarchical certificate system.

http://www.imacat.idv.tw/tech/sslcerts.html#sslx509

X.509 is an ITU-T standard for a public key infrastructure (PKI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm

http://en.wikipedia.org/wiki/X.509

X.509 is a standard and SSL follows that, and VPN conc. and ASA5500 follows the self signed ssl cert.

Let me know if this answered your questions.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents