Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Concentrator 3000: X.509 cert on Pub Interface...

I have a requirement to find out how, if at all, the Cisco VPN Client can use an X.509 certificate to prove the validity of a VPN Concentrator. -Much like a web browser uses an SSL cert to prove that a given webserver is valid. Note that I do not need to do cert-based authentication. I see that I can install a cert on the Public Interface on the concentrator, but can someone tell me how, if at all this can play a role in how the client checks the validity of the concentrator its logging into?

  • VPN
New Member

Re: Concentrator 3000: X.509 cert on Pub Interface...

Client checks certificate validity with CA root certificate, concentrator will have cert frome the same CA with root certificate they will trust both if they trust same CA..

I think thats true :)

New Member

Re: Concentrator 3000: X.509 cert on Pub Interface...

My Pub interface currently has a self-signed cert on it. --Since this can't be followed back to a trusted CA, why can my VPN clients connect at all? --What policy (and where) causes the VPN client to be able to connect (or denies connection) if the cert being sent from the Concentrator can't be follwed back to a trusted root?

This widget could not be displayed.