Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
987
Views
0
Helpful
3
Replies

Anyconnect with Certificate only?

Patrick Beaven
Level 1
Level 1

‎07-25-2011 11:41 AM - edited ‎02-21-2020 05:28 PM

I found a doc on how to setup anyconnect using a certificate for authentication. I got it working but then realize if the portal is active its using that cert for connection and authentication. That's not secure at all. How do i make is use one for portal and another for authentication?

Thanks,

Labels:
0 Helpful
3 Replies 3

Jason Gervia
Cisco Employee
Cisco Employee

‎07-27-2011 01:23 PM

Use the SSL trustpoint to assign a web server certificate to your outside interface.  If you want to authenticate with a different certificate, simply import that CAcertificate to the ASA, and make the CA issue the client a certificate.  This way you are using 2 certificates - one for the SSL portion, and another for the client authentication portion.

HTH

--Jason

0 Helpful

Patrick Beaven
Level 1
Level 1
In response to Jason Gervia

‎07-28-2011 01:23 PM

Can you explain how to do this. I have two different certs and would like one for portal and a seperate one for authentication only. If i go to Remote access vpn --> Anyconnect Connection Profiles --> select the profile then "Edit" i can select  AAA,LOCAL OR Certificate but dont have the option to select a specific cert. Can you give me the path to make the change to use a seperate Cert?

0 Helpful

Riccardo Veraldi
Level 1
Level 1
In response to Patrick Beaven

‎07-28-2011 01:40 PM

Hello, could you point me to the document you found for X509 authentcation ?

I am ery interested in it,

thank you

0 Helpful
Customers Also Viewed These Support Documents