Concentrator 3000: X.509 cert on Pub Interface...

Unanswered Question
Sep 10th, 2009

I have a requirement to find out how, if at all, the Cisco VPN Client can use an X.509 certificate to prove the validity of a VPN Concentrator, much like a web browser uses an SSL cert to prove that a given webserver is valid. Note that I do not need to do cert-based authentication. I see that I can install a cert on the Public Interface on the concentrator, but can someone tell me how, if at all, this can play a role in how the client checks the validity of the concentrator it's logging into?

smukhanin Fri, 09/11/2009 - 07:11

The client checks certificate validity with the CA root certificate; the concentrator will have a cert from the same CA with the root certificate also... so they will trust both if they trust the same CA.

I think that's true :)

abatson Fri, 09/11/2009 - 10:16

My Pub interface currently has a self-signed cert on it. Since this can't be followed back to a trusted CA, why can my VPN clients connect at all? What policy (and where) causes the VPN client to be able to connect (or denies connection) if the cert being sent from the Concentrator can't be followed back to a trusted root?
