12-03-2013 08:51 AM - edited 02-21-2020 07:21 PM
Hello,
We have many users using the Cisco AnyConnect client and to get to our company they go to vpn.company.co.uk. We are changing our company name so we are creating a now FQDN called for example vpn.newcompany.co.uk which will point to our ASA.
1.) Thing is will be need a new SSL cert on the ASA?
2.) If so can the new cert incorporate both FQDNs?
3.) How can I automatically change the host users connect to in the Anyconnect clients to reflect the new FQDN?
Thanks
12-03-2013 01:24 PM
1.) Thing is will be need a new SSL cert on the ASA?
Yes, you will need a new SSL certificate which includes the new domain name.
2.) If so can the new cert incorporate both FQDNs?
Yes, if you purchase a wildcard certificate I believe you can have 5 domain names referenced in it.
3.) How can I automatically change the host users connect to in the Anyconnect clients to reflect the new FQDN?
If you purchase the certificate from a well known provider chances are that your clients will already have the public key installed on their PC. If not, the user should be prompted to accept and install the certificate upon first connection.
--
Please remember to rate and select a correct answer
12-03-2013 03:25 PM
2.) If so can the new cert incorporate both FQDNs?Yes, if you purchase a wildcard certificate I believe you can have 5 domain names referenced in it.
You are mixing two kind of certificates here:
Wildcard-certificates don't the "host" past. If you have a wildcard-certificate *.example.com then you can use anything.example.com.
The other thing are UCC, there you can have multiple FQDNs listed. It's the CA-policy that tells you how many names can be included there. For one project I have had a certificate with about 30 names in it.
3.) How can I automatically change the host users connect to in the Anyconnect clients to reflect the new FQDN?
You could deploy AnyConnect-profiles with both the old and the new name listed. When all users got the profile the old name can be removed:
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: