RA VPN with LOCAL CA

Hello.

I have a customer that wants to implement RA VPN with digital certificates, and they want the ASA (5510) to be the CA (not Microsoft or any other).

Well, I configured the trustpoint, CA server and OTP, and that is working fine; I receive the email OK, but I cannot click on the link to download and install the certificate on my desktop... The URL is: https://asahostname/+CSCOCA+/enroll.html

I don't know if my configuration is fine... I already tried to configure a VPN and I think it's OK, but my client didn't connect because I cannot enroll the certificate from the link the ASA sent me.

There is no config guide for this (I did not find one); if any of you have one, please let me know.

Hope somebody can help me...

And sorry for my "not so good" English.

Thanks,

Fernando

3 Replies

hadbou
Level 5

The Local Certificate Authority (Local CA) integrates basic certificate authority functionality on the security appliance, deploys certificates, and provides secure revocation checking of issued certificates. The Local CA provides trusted digital certificates to users, without the need to rely on an external certificate authority. The Local CA provides a secure in-house authority for certificate authentication and offers straightforward user enrollment by means of a browser webpage login.

Dirk Feldhaus
Level 1

Hello,

I also have trouble with the Local CA on an ASA 5510.

I found that the enrollment only works on the outside interface, coming from an outside network. And of course you need DNS pointing to the correct asahostname for your environment.

Does anyone have an idea whether I can change the interface for certificate enrollment?

vpancisco
Level 1

Hello,

Just copy the link into your browser

and follow the instructions for authentication if the link isn't found.

The problem is your asahostname, or ensure that you enabled the HTTP server on your requested interface via the CLI:

http x.x.x.x mask interface_name

I'm trying to set up the same service, but

the auth with OTP failed at the /+CSCOCA+/enroll.html page.

Regards
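The two replies above point at the same requirement: the enrollment page lives on the ASA's own HTTPS management server, so that server has to be enabled and the enrollee's source network has to be permitted on the interface the request arrives on (the outside interface, in Dirk's case), and the hostname in the emailed link has to resolve to that interface's address. The following ASA configuration is an added example illustrating this, not configuration posted by anyone in this thread; the hostname, domain, addresses, interface name, user name and email addresses are placeholders, and the lifetime/OTP values are ordinary defaults rather than values from the thread.

```cisco
! Added example (not from any post in this thread). All names, addresses and
! the interface name are placeholders; adjust them to your own environment.

! The hostname and domain must match the DNS name used in the enrollment link
! (https://asahostname.example.com/+CSCOCA+/enroll.html), and that name must
! resolve to the interface address the enrollees reach the ASA on.
hostname asahostname
domain-name example.com

! The +CSCOCA+ enrollment page is served by the ASA's HTTPS management server.
! Enable it, then permit only the enrollee network on the interface they use.
http server enable
http 192.0.2.0 255.255.255.0 outside
! Avoid "http 0.0.0.0 0.0.0.0 outside": it exposes the same server (ASDM and
! the enrollment portal) to every Internet host, not just your remote users.

! Mail relay the ASA uses to deliver the OTP and enrollment link.
smtp-server 192.0.2.25

! Local CA definition. "no shutdown" prompts for the CA passphrase that
! protects the CA key and certificate archive.
crypto ca server
 issuer-name CN=asahostname.example.com,O=Example Corp
 keysize 2048
 lifetime certificate 365
 lifetime crl 6
 subject-name-default OU=RA-VPN,O=Example Corp
 smtp from-address vpn-ca@example.com
 otp expiration 72
 no shutdown

! One enrollee: create the user record, then allow enrollment and email the OTP.
crypto ca server user-db add vpnuser1 dn CN=vpnuser1,OU=RA-VPN,O=Example Corp email vpnuser1@example.com
crypto ca server user-db allow vpnuser1 email-otp
```

If the browser cannot reach the page at all, check first that the `http` access line covers the address the enrollee is actually coming from on the interface the connection arrives on; if the page loads but the OTP is rejected, check `show crypto ca server user-db` for the user's enrollment state and whether the OTP has already expired.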