04-05-2014 02:05 PM
Hi Everyone,
With clientless SSL VPN to support external clients, do we need to use a global PKI service?
Regards
MAhesh
04-05-2014 05:03 PM
It's recommended but not required. As long as the clients trust the ASA certificate it will work.
With a global PKI that uses a well-known public CA (like Entrust, Verisign, Thawte, GoDaddy etc.) to issue certificates for your ASA, almost all clients will have those pre-defined as trusted root Certificate Authorities. In that case, they will not see any warning message when browsing to the ASA.
If you use a self-signed certificate or internal PKI, your clients will need to either (a) install the ASA certificate or internal PKI root certificate in their trusted root certificate store or (b) always accept the untrusted certificate every time.
Most people don't want to present their clients with either of the latter two choices, thus the recommendation to use a public Certificate Authority.
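The trust outcomes described in the answer above, reproduced with the `openssl` CLI as an added example that is not part of the original thread. The host name `vpn.example.test` and the CA names are made up, and the throwaway certificates stand in for the ASA's certificate and the client's trusted root store.

```shell
#!/usr/bin/env bash
# Constructed demo: every name below (vpn.example.test, the CA names) is made up.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# trusts STORE CERT: succeeds only if CERT chains to a root in STORE.
# Checks the trust chain only, not the hostname or revocation.
trusts() { openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; }

new_root() {  # new_root NAME CN: self-signed cert NAME.pem with key NAME.key
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

make_certs() {
  new_root self "vpn.example.test"        # self-signed ASA identity cert
  new_root root "Demo Internal Root CA"   # internal PKI root
  new_root store "Unrelated Root CA"      # stand-in client store lacking both
  # ASA certificate issued by the internal root
  openssl req -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
    -keyout "$work/asa.key" -out "$work/asa.csr" 2>/dev/null
  openssl x509 -req -in "$work/asa.csr" -CA "$work/root.pem" \
    -CAkey "$work/root.key" -CAcreateserial -days 2 \
    -out "$work/asa.pem" 2>/dev/null
}

report() {  # report LABEL STORE CERT
  if trusts "$2" "$3"; then echo "$1: trusted, no warning"
  else echo "$1: untrusted, browser warning"; fi
}

make_certs
report "self-signed, not installed"   "$work/store.pem" "$work/self.pem"
report "self-signed, cert installed"  "$work/self.pem"  "$work/self.pem"
report "internal PKI, root missing"   "$work/store.pem" "$work/asa.pem"
report "internal PKI, root installed" "$work/root.pem"  "$work/asa.pem"
```

The same `openssl verify -CAfile` check can be pointed at the real ASA certificate and the root file you plan to distribute to confirm clients will chain to it before rollout.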
04-05-2014 09:48 PM
Hi Marvin,
Thanks for answering the question.
It's always a pleasure to read replies from you.
Best Regards
MAhesh