New Member

How do I edit a digital certificate?

My VPN server downloads a digital certificate to VPN users. I think this cert has the wrong address for the server. How can I change the cert IP address? Or how can I stop the VPN server from requiring the cert? I think the problem is from changing IP service providers and not changing the server address in the cert.

1 ACCEPTED SOLUTION

Hall of Fame Super Silver

How do I edit a digital certificate?

The IOS configuration guide covers certificates here. While you can create a new self-signed certificate on the router (typically used with https for web-based management - see this configuration guide), it's best to use either an internal CA or 3rd party public CA.

To turn it off, find where it's called out in your configuration. "show crypto ca certificates" will show you what certificates you have enrolled on the router. One of them should be called out in the VPN setup.

However, it's not just that simple. If they are being used for authentication and you remove them, they need to be replaced with something else - like a preshared key, reference to a user database (internal or external like LDAP or AD), etc. So it's a non-trivial task. You can get some idea of what's involved to set up certificates properly at this link.

If you're not comfortable working with the CLI, you might want to just set up a new VPN profile using the CCP GUI. Here is a link for that procedure.

5 REPLIES
Hall of Fame Super Silver

How do I edit a digital certificate?

You can't edit a certificate directly. That's fundamental to how they are built as an identity assertion mechanism. You can generate and use a new one (preferred) or remove the use of them altogether (lowers your security).

The necessary steps depend on your equipment and connection type. Can you give us more details on your configuration?

New Member

Re: How do I edit a digital certificate?

I have a Cisco 2851 IOS router that my users connect to for VPN access. Initially they connect to my server via the WEBVPN SSLVPN Service. From there they start a tunnel connection. After connecting the first time they use the anyconnect client to start a vpn connection.

I would like to use a certificate to authenticate. Unfortunately I do not know how to generate and install one. If I cannot generate/install a new certificate then I would like to turn the use of it off.

USING:

Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(24)T2, RELEASE SOFTWARE (fc2)

Cisco ANYConnect VPN Client Version 2.5.3055

New Member

Re: How do I edit a digital certificate?

I was able to generate new certificates with the correct IP in them from the links that you provided. I am able to connect through the WEBVPN connection.

Thank you!!

Hall of Fame Super Silver

Re: How do I edit a digital certificate?

You're welcome. I'm glad you're back to normal with a valid certificate. Thanks for the rating.
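
As an added illustration (not taken from the thread or from the linked Cisco guides), replacing a self-signed certificate after an address change on an IOS SSL VPN router generally looks like the following. The trustpoint, key pair and gateway names and the 203.0.113.10 address are placeholders, and the gateway is assumed to already exist.

```cisco
! Constructed example: VPN-SELFSIGNED, VPN-KEYS, SSLVPN-GW and 203.0.113.10
! are placeholders, not values from this thread.
configure terminal
!
! 1. New key pair for the replacement certificate
crypto key generate rsa general-keys label VPN-KEYS modulus 2048
!
! 2. New trustpoint that carries the router's current public address
crypto pki trustpoint VPN-SELFSIGNED
 enrollment selfsigned
 subject-name CN=203.0.113.10
 ip-address 203.0.113.10
 revocation-check none
 rsakeypair VPN-KEYS
 exit
!
! 3. Issue the self-signed certificate (the router prompts interactively)
crypto pki enroll VPN-SELFSIGNED
!
! 4. Point the SSL VPN gateway at the new trustpoint
webvpn gateway SSLVPN-GW
 no inservice
 ip address 203.0.113.10 port 443
 ssl trustpoint VPN-SELFSIGNED
 inservice
 exit
end
!
! 5. Verify which certificates are enrolled and that the gateway is up
show crypto ca certificates
show webvpn gateway
```

The old certificate is never modified; the gateway simply stops presenting it. Clients that had accepted the old self-signed certificate will be asked to trust the new one on their next connection.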
