02-06-2012 06:45 AM - edited 02-21-2020 05:51 PM
Hello,
I want to deploy AnyConnect SSL VPN client with an ASA appliance, using certificate authentication only.
In order to be able to request a certificate via SCEP on the AnyConnect client, I have to download an AnyConnect XML profile from the ASA. But this can be done only if the AnyConnect client is authenticated on the ASA?! Is it a chicken-and-egg question?
I have read all the documentation regarding this subject on Cisco.com but I haven't found any answer. Does anybody have a suggestion about this? I must have missed something, for sure.
Thanks in advance.
Vincent
P.S.: We could imagine manually deploying the AnyConnect XML profile on the Windows machine, but what about other OSes like iPhone/iPad, where we have no access to the system files...
02-10-2012 01:11 AM
Hi,
Any suggestions about this deployment question?
Any remarks or comments are welcome.
Vincent
03-23-2012 09:06 AM
FYI
I've finally managed to deploy certificates on the AnyConnect client (Win/Mac OS X, iPhone/iPad) by using a PKCS#12 file.
03-23-2012 09:15 AM
How did you accomplish this? I am trying to do the same thing with an ASA and Microsoft CA server.
Thanks
03-23-2012 09:43 AM
Hi Paul,
I generate a PKCS#12 file that encloses the client certificate + the associated private key + the CA cert chain.
I deployed it on the client host machine by just sending it by e-mail / USB key / web pushing.
Depending on your client OS version, the client certificate should be present in the "login" store of the keychain repository on a Mac OS X client and in the "personal" store of the certificate repository on a Windows client.
And that's it.
Vincent
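The bundle described in the reply above (client certificate + private key + CA chain), built and checked with the `openssl` CLI. This is an added example, not part of the original thread; the throwaway test CA, the subject names, the file names and the export password are all constructed placeholders standing in for the real CA and user.

```shell
#!/usr/bin/env bash
# Added example: build a PKCS#12 client identity and verify it before distribution.
# Everything here is constructed test material; in production the CA key stays on the CA.
set -eu

build_p12() {  # build_p12 <workdir> <export-password>
  dir=$1; pass=$2
  # Constructed self-signed test CA (stand-in for the real issuing CA).
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # Client key pair and certificate signing request.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=vpn-user-01" \
    -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
  # The CA signs the client certificate.
  openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 30 -out "$dir/client.crt" 2>/dev/null
  # Bundle certificate + private key + CA chain. The export password is what
  # protects the private key while the file travels; deliver it out of band.
  openssl pkcs12 -export -inkey "$dir/client.key" -in "$dir/client.crt" \
    -certfile "$dir/ca.crt" -name "vpn-user-01" \
    -passout "pass:$pass" -out "$dir/client.p12"
}

check_p12() {  # check_p12 <workdir> <export-password>; echoes the certificate count
  dir=$1; pass=$2; p12="$dir/client.p12"
  openssl pkcs12 -in "$p12" -passin "pass:$pass" -clcerts -nokeys -out "$dir/leaf.pem"
  openssl pkcs12 -in "$p12" -passin "pass:$pass" -cacerts -nokeys -out "$dir/chain.pem"
  # The private key in the bundle must belong to the client certificate.
  key_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes \
            | openssl pkey -pubout)
  crt_pub=$(openssl x509 -in "$dir/leaf.pem" -pubkey -noout)
  [ "$key_pub" = "$crt_pub" ] || return 1
  # The client certificate must chain to the CA certificate shipped alongside it.
  openssl verify -CAfile "$dir/chain.pem" "$dir/leaf.pem" >/dev/null || return 1
  cat "$dir/leaf.pem" "$dir/chain.pem" | grep -c 'BEGIN CERTIFICATE'
}

work=$(mktemp -d)
build_p12 "$work" "constructed-pass"
echo "certificates in bundle: $(check_p12 "$work" "constructed-pass")"
rm -rf "$work"
```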