Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1097
Views
0
Helpful
7
Replies

VPN Concentrators and Microsoft Certificates

brandon_leiker
Level 1
Level 1

‎09-08-2009 08:28 AM

I'm trying to install a certificate on the public interface on a VPN Concentrator 3020. The certificate installs just fine, but the problem is that once the Microsoft CA cert is installed the WebVPN website on the concentrator no longer comes up. I've tried this many times and each time I get the same result. The main reason I'm trying to use a Microsoft CA cert is because I need the cert signed with SHA-1 instead of MD5

Labels:
0 Helpful
7 Replies 7

Yudong Wu
Level 7
Level 7

‎09-08-2009 09:20 AM

Did you get any error message when you tried to access WebVPN?

When you install the new CA, make sure to use CN field correctly.

"Common Name (CN) field you need to fill this space with either an IP address or the DNS name of the interface, which must be similar to what you typed in the browser in order to make the SSL client connection."

0 Helpful

brandon_leiker
Level 1
Level 1
In response to Yudong Wu

‎09-08-2009 09:24 AM

The only thing that happens is I get "Page Can Not Be Displayed" when I go to the WebVPN page.

0 Helpful

Yudong Wu
Level 7
Level 7
In response to brandon_leiker

‎09-08-2009 09:37 AM

Since you installed new cert, you should have a popup window for certificate warning when you tried to access webvpn. Did you see that? If yes, you need accept that new cert. Here is the link for your reference.

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2284/products_configuration_example09186a008055641a.shtml#configdisable

0 Helpful

brandon_leiker
Level 1
Level 1
In response to Yudong Wu

‎09-08-2009 09:58 AM

I don't receive a popup or anything. The webpage just doesn't come up. The message is "Internet Explorer cannot display the webpage". I'm running the lastest version of the software for the concentrator. If I change the certificate back to a self signed cert the page comes up right away.

0 Helpful

Yudong Wu
Level 7
Level 7
In response to brandon_leiker

‎09-08-2009 10:16 AM

After you changed cert on VPNC, the client web browser should come up that certificate warning window unless you disabled it on purpose or the cert is trusted.

When the browser is trying to establish a SSL connection with a website, if the cert is untrusted, the certificate warning window will pop up.

In IE, Tools->Internet Options->Content Tab->Certificates->Trusted Root Certification Authorities tab, did you see your MS CA is listed there?

0 Helpful

brandon_leiker
Level 1
Level 1
In response to Yudong Wu

‎09-08-2009 10:22 AM

The certificate is already trusted by the PC that I'm using. I'm creating a cert using my root Microsoft CA. I've attached the IE window that I get when I go to the webpage.

Preview file
50 KB
0 Helpful

Yudong Wu
Level 7
Level 7
In response to brandon_leiker

‎09-09-2009 06:16 AM

Sorry, I don't know what else we could try. Can you open a TAC case to investigate this?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents