If I have a root CA and a CA subordinate to the root CA, is it possible to get away with not installing the root CA on the VPN 3005 concentrator if the VPN client and VPN koncentrator identity certificates are both issued by the subordinate CA?
I guess not, cause at the point where you want to import the signed request, the concentrator tries to validate his new cert by validating the certificate chain. Though he has the subordinate cert, he expects the root-ca so he can terminate the certificate chain.
You`ll get something about invalid chain error.
What´s the point not installing the root-ca cert !?
I would like the concentrator to be able to accept p7b cert-chain files, but he still imports only the first cert he finds in the p7b.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...