Cisco Support Community
pre-shared key vs certificate: which is best and why

I have a pre-shared key set up and working on my VPN concentrator, but I am thinking that certificates would give me added security. Can someone advise me on which way to go? Thanks


Re: pre-shared key vs certificate: which is best and why


From a security point of view, using a CA server and certificates will add more security to your VPN network, that is for sure. A certificate has a much longer public and private key than a pre-shared key. A certificate is not easy to export; once the laptop has been stolen, you can revoke the certificate from the Cert server.

If you are using a pre-shared key, you need to change the group password on all the other PCs in case someone gets the group password from the stolen PC.

If you have more than 10 LAN-to-LAN sites, using certificates can make the configuration simpler, because you do not need to configure pre-shared keys for each site. Use the same Cert server and enroll all the routers to it, then it will be done.

From the remote access point of view, you need to enroll all your clients (depending on username or PC); each client will have one certificate. If you have several hundred users, that will increase your workload for sure.

Best Regards,

Paul Qiu