Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Associate a group-url with a certificate

All,

I'm assuming this is possible, but I can't seem to find any documentation on the subject. What I'm looking to do is to associate a webvpn group-url (which is tied to an SSL Tunnel group) to a certificate of the same name, so that I can avoid cert errors when connecting to that specific group URL. I'm able to create an ID cert just fine, however it looks like I can only associate one cert per interface. Any ideas if what I'm trying to do here is possible?

Thanks,

JR

3 REPLIES
Silver

Re: Associate a group-url with a certificate

If you apply cert on default group policy, you should be fine.

Second, More over you question is to resolve an IP address by URL name.

Thanks,

Dharmesh Purohit

New Member

Re: Associate a group-url with a certificate

Hi Dharmesh,

Thanks for your reply. This is actually to resolve a URL name to an SSL group name using the host headers sent by the browser. As far as applying the cert to the default group policy, could you elaborate on exactly which commands to which you are referring?

New Member

Re: Associate a group-url with a certificate

Got some info back from Cisco TAC. Apparently this was a little easier than I originally thought. You can create multiple CNs within a single certificate, and assign that one cert to the interface you choose. In the CLI, it looks like this:

crypto ca trustpoint john

subject-name CN=sales.company.com,CN=engineering.company.com <--NOTE: OU, S, O would all follow after this if I had them defined

enrollment self

crypto ca enroll john

ssl trust john outside

115
Views
0
Helpful
3
Replies