
New Member

AnyConnect client Cert Authentication on ASA : the Chicken or the egg

Hello,

I want to deploy AnyConnect SSL VPN client with an ASA appliance, using certificate authentication only.

In order to be able to request a certificate via SCEP on the AnyConnect client, I have to download an AnyConnect XML profile from the ASA. But this can be done only if the AnyConnect client is authenticated on the ASA?! Is it a question of the chicken or the egg?

I have read all the documentation regarding this subject on Cisco.com but I haven't found any answer. Does anybody have a suggestion about this? I must have missed something for sure.

Thanks in advance.

Vincent

P.S.: We can imagine manually deploying the AnyConnect XML profile on the Windows machine, but what about other OSes like iPhone/iPad, where we have no access to the system files...

4 REPLIES
New Member

Hi,

Any suggestions about this deployment question?

Any remarks or comments are welcome.

Vincent

New Member

FYI

I've finally managed to deploy certificates on the AnyConnect client (Win/Mac OS X, iPhone/iPad) by using a PKCS#12 file.

New Member

How did you accomplish this?  I am trying to do the same thing with an ASA and Microsoft CA server.

Thanks

New Member

Hi Paul,

I generate a PKCS#12 file that encloses the client certificate + the associated private key + the CA cert chain.

I deployed it on the client host machine by just sending it by e-mail / USB key / web publishing.

Depending on your client OS version, the client certificate should be present in the "login" store of the keychain repository on a Mac OS X client and in the "Personal" store of the certificate repository on a Windows client.

And that's it.

Vincent
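
The bundle described in the reply above (client certificate, private key and CA chain in one PKCS#12 file), built and checked with OpenSSL as an added example that is not part of the original thread. The throwaway test CA, subject names, file names and passphrase are constructed placeholders; in the thread's scenario the certificate would come from the real CA.

```bash
#!/usr/bin/env bash
# Added example. All subjects, file names and the passphrase are constructed
# placeholders; the throwaway CA stands in for the real issuing CA.

make_test_pki() {      # $1 = work dir: test CA plus a client certificate
  local d="$1"
  printf '[dn]\nCN=placeholder\n[req]\ndistinguished_name=dn\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/req.cnf"
  # The client certificate carries the clientAuth EKU needed for TLS client auth.
  printf 'extendedKeyUsage=clientAuth\nkeyUsage=digitalSignature\n' > "$d/client.ext"
  openssl req -x509 -config "$d/req.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -days 30 -subj "/CN=Example Test CA" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -new -config "$d/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=vpn-user-01" -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -extfile "$d/client.ext" -out "$d/client.crt" 2>/dev/null
}

make_p12() {           # $1 = work dir, $2 = passphrase protecting the bundle
  # The passphrase goes through the environment so it does not show up in argv.
  P12_PASS="$2" openssl pkcs12 -export -inkey "$1/client.key" -in "$1/client.crt" \
    -certfile "$1/ca.crt" -name "vpn-user-01" -passout env:P12_PASS -out "$1/client.p12"
}

count_certs() {        # $1 = work dir, $2 = passphrase: certificates in the bundle
  P12_PASS="$2" openssl pkcs12 -in "$1/client.p12" -nokeys -passin env:P12_PASS \
    2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

key_matches_cert() {   # true if the bundled private key belongs to the client cert
  local a b
  a=$(P12_PASS="$2" openssl pkcs12 -in "$1/client.p12" -nocerts -nodes \
        -passin env:P12_PASS 2>/dev/null | openssl pkey -pubout 2>/dev/null | openssl sha256)
  b=$(openssl x509 -in "$1/client.crt" -noout -pubkey | openssl sha256)
  [ "$a" = "$b" ]
}

client_cert_ok() {     # chain validates and the cert is usable for TLS client auth
  openssl verify -purpose sslclient -CAfile "$1/ca.crt" "$1/client.crt" >/dev/null 2>&1
}

# Demo run: bash p12-example.sh demo
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d) && make_test_pki "$d" && make_p12 "$d" "constructed-passphrase" &&
    echo "certs in bundle: $(count_certs "$d" "constructed-passphrase")" &&
    key_matches_cert "$d" "constructed-passphrase" && client_cert_ok "$d" && echo "bundle OK"
  rm -rf "$d"
fi
```

The resulting `client.p12` is the file that gets imported into the "login" keychain or the "Personal" store mentioned above.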
