Cisco VPN Client Certificate Importing as RA/Intermediate Certificate
Wondering if anyone has come across this issue before. We have had to move an MS CA (Enterprise Root, Windows Server 2008) to a different server, but have kept the same root certificate and CA name.
We have a Cisco Easy VPN terminating on an ASA 5510 using client certificates and LDAP credentials to authenticate users. All users with existing, valid certificates work fine, and can access the VPN.
However, when we generate a new client certificate, the Cisco Easy VPN Client imports its the "RA" store rather than the "Cisco" store, which means I cannot use it for the VPN. Furthermore, if I put the certificate inside of the Personal store on my user account, it shows up in the Cisco client but does not pass authentication and fails.
On the other hand, the CA certificate is imported into the client without any hassles.
I am convinced that this is to do with the Microsoft CA and the way that it is issuing certificates - Has anyone seen this before, and if so, what did you do to resolve it? Has anyone created their own MS certificate templates for Ciscos VPN Client, or does the certificate have to meet a certain criteria before it gets imported into the correct store - ie. how does the VPN client know which store to put it in?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :