Cisco Support Community
New Member

Self-Signed Certificate for Remote Access VPN CLIENT

Hi Folks,

I'm trying to achieve two-factor authentication, first with RADIUS and second with a self-signed certificate. I have generated a self-signed certificate and am trying to import it, but error 39 is occurring. The only hindrance is authenticating with the certificate. I have seen some documents about setting up separate certificate (CA) servers and then importing into clients, but I'm curious to know whether a self-generated certificate can be used to authenticate a remote access client.

Furthermore, the ASA is in failover mode, so the Local CA server is not supported. Is there any way to support a local CA?

Thanks,

Accepted Solutions
VIP Purple

Self-Signed Certificate for Remote Access VPN CLIENT

Are you talking about using self-signed certificates on the client? I assume that this won't work. At least it is in no way scalable. You should use an internal CA for that task. As the local CA can't be used with failover, you can take a Windows Server 2k3 or 2k8. Another option is to use an IOS-router as a CA-server. But what about taking something else as a second factor? I'm a big fan of the usage of smartphones with the www.duosecurity.com service.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

