Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Preshared Certificates

We are in the process of implimenting SSL VPN using the AnyConnect client. I am curious if it is possible to have a Pre-Shared Certificate that is self signed created and then I would manually install the cert. This would ensure that I control who accesses the network using VPN.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Preshared Certificates

What platform ASA? if so you can use Local CA configured in ASA and have user enrollment and installed in their PC all managed through the ASA applience.

Personally I have not used this method but from what I read very practical and all privided by asa .. I recommend to read couple of times The Local CA section of this link to get thorough understanding of its usage and implementation for SSL webVPN or client based vpn.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cert_cfg.html#wp1067484

HTH

Jorge

3 REPLIES

Re: Preshared Certificates

What platform ASA? if so you can use Local CA configured in ASA and have user enrollment and installed in their PC all managed through the ASA applience.

Personally I have not used this method but from what I read very practical and all privided by asa .. I recommend to read couple of times The Local CA section of this link to get thorough understanding of its usage and implementation for SSL webVPN or client based vpn.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cert_cfg.html#wp1067484

HTH

Jorge

New Member

Re: Preshared Certificates

Jorge

That is exactly what method I researched and implemented a few days ago. It works really well and allows me to choose who I give certificates to and how long those certs are active. Users get an email with a one time password they use that password to retrieve the cert and then import in to Firefox or IE

Re: Preshared Certificates

Jake, thanks for the update and ratings, we are contemplating this inplementation as well, and Im glad to hear it works great.

Rgds

Jorge

137
Views
0
Helpful
3
Replies
CreatePlease to create content