Clean Access Server SSL Certificate

ewong0088 · ‎10-22-2006

All,

Have recently installed ASA/Clean Access. I have a question for the Clean Access Server SSL. RIght out the box when installing Clean Access Server (and Clean Access Manager), a IP base temp. SSL cert. were created via Cisco scripts. Because of that, everytime a user connect via VPN a box popup to ask user to accept that SSL. Now it's time to move on getting a CA signed SSL cert in order to get rid of the popup. I have read the documentation but still have questions. In terms of steps, it's quite clear. However, I am confused as how it's going to work. My questions are:

(1) I am going to use the host name to register with the CA. This Clean Access Server host is internal and the host name is resolvable internally only via our internal DNS servers and for all intent and purpose, is not exposed to the outside.

(2) If I did that, when VPN client, how exactly does it work when it comes to the host name? The cert. will be in the form of xyz.something.com and is not going to be resolved to anything.

Thank you for any idea and explanation.

thomas.chen · ‎10-27-2006

When the laptop first accesses the network, the Cisco Clean Access Server determines that the computer's MAC address is not in the list of certified devices, and that laptop is placed into an unauthenticated role.Refer URL

http://www.cisco.com/en/US/products/ps6128/products_white_paper0900aecd802bdc42.shtml