Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Installing a certificate on an iPhone for VPN use

As I chip away at the tasks I need to complete in order to get on demand VPN to work on an iPhone, I'm a bit puzzled as to how I can get the certificate installed on the iPhone.  I'm also not sure if I'm exporting the correct cert from the ASA.  I'm exporting the identity cert from the ASA but I'm not sure if it should be in PEM or PKCS12 format.  I've tried both.  I tried putting the cert file in a place that I could get to from Safari.  That doesn't work.  Tried in email too.  Am I on the wrong path completely?

9 REPLIES
Cisco Employee

Re: Installing a certificate on an iPhone for VPN use

Hi Mike,

I understand that you are trying to configure SSL VPN connection with ASA. The following link gives you details of certificates on Iphones.

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/iPhone/2.0/connectivity/guide/iphone.html

Hope this helps.

Regards.

Anisha

P.S.:please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

New Member

Re: Installing a certificate on an iPhone for VPN use

Thanks for the reply.  That's the document that I had been working from before.  There isn't enough detail in there.  I guess my real question focuses more on exporting the identity cert from the ASA but I'm not sure if it should be in PEM or PKCS12 format and neither of those seem to be able to be imported into the phone.  In testing, I'm not even able to import either of those into Windows.  When I export them, it asks that it be exported with a pasphrase.  When I import it in Windows, it asks for a password and the one I use at export doesn't work. Am I trying to use the wrong cert?

New Member

Re: Installing a certificate on an iPhone for VPN use

It seems that I should be installing a client or user cert from the CA.  I've done both but the option in AnyConnect to use certificates is still grayed out.

New Member

Re: Installing a certificate on an iPhone for VPN use

The solution was in exporting the user certificate from my PC's web browser as a .PFX.  Importing that into the iPhone (sent via email) worked to enable the Use Certificates option in the AnyConnect client.

New Member

So there is no other solution

So there is no other solution past using the AnyConnect Client?

I have followed recommendations above - but the option is still greyed out.  When I look at the actual cert from a VPN Cert that works (From another system) it shows:  VPN Certificate & Certificate... the one I am generating from my CV325 simply states: Certificate.   Could this potentially be the issue?

New Member

Re: Installing a certificate on an iPhone for VPN use

Mike,

I read your post with interest as I have a similar issue. I am using a Micrsoft Internal CA. I have generated a CSR for an Identity Cert for my ASA. I import the CA Root cert and signed Identity Cert onto the ASA.

Im not so sure If I can use the same Certificates on the IPhone or do I need to create an Individual Identity Certificate for each IPhone to be used.

Any comments would be appreciated.

thanks

Ian.

New Member

Re: Installing a certificate on an iPhone for VPN use

I wouldn't recommend using the same cert for everyone.  I'm using individual certs for every user.  That way I can revoke one if I need to and it won't impact all users.  In my case, I tested the CRL backwards and forwards so I knew how it would work if I needed to revoke access.

New Member

Re: Installing a certificate on an iPhone for VPN use

Mike,

Thanks for the update.

Did you have to install the CA Root Certificate and the Identity cert on the IPhone.

thanks

Ian.

New Member

Re: Installing a certificate on an iPhone for VPN use

You don't have to install anything but the user cert on the iPhone.  You can install the CA just so future certs would be trusted, but it isn't required.

19205
Views
0
Helpful
9
Replies