Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Type of cert needed for anyconnect ikeV2

 

Hi Everyone,

 

I have created CSR for anyconnect IkeV2.

When i ask the cert vendor what should i ask them that which type of cert i needed for IkeV2?

 

We do not want users to use ssl like https://xyz.com and connect and download the client.

 

We want users machine pre installed with anyconnect and profile and connect using IkeV2.

 

Regards

Mahesh

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

Every certificate vendor has

Every certificate vendor has their own way of listing choices. Many include Cisco among their choices. i.e.:

http://www.instantssl.com/ssl-certificate-support/csr_generation/ssl-certificate-index.html

Generally speaking a standard server certificate suffices as we're not doing much fancy with it - just verifying identity. The CN in the CSR should match the FQDN in that case..

Hall of Fame Super Silver

Did you bind the new

Did you bind the new certificate to your outside interface?

Reference.

4 REPLIES
Hall of Fame Super Silver

Every certificate vendor has

Every certificate vendor has their own way of listing choices. Many include Cisco among their choices. i.e.:

http://www.instantssl.com/ssl-certificate-support/csr_generation/ssl-certificate-index.html

Generally speaking a standard server certificate suffices as we're not doing much fancy with it - just verifying identity. The CN in the CSR should match the FQDN in that case..

New Member

 Hi Marvin, I got cert from

 

Hi Marvin,

 

I got cert from Entrust.

it has 3 options server cert,root cert and chain cert.

i installed the server cert on the ASA and now  status of cert has changed from pending.

 

When i connect to anyconnect ikev2 it still gives me cert warning line non trusted cert.Do i need to do any config change in anyconnect ikev2?

Regards

Mahesh

Hall of Fame Super Silver

Did you bind the new

Did you bind the new certificate to your outside interface?

Reference.

New Member

 Hi Marvin, I did that and

 

Hi Marvin,

 

I did that and now i do not see message saying that you are connecting to untrusted

certificate.

 

Many thanks

Mahesh

54
Views
0
Helpful
4
Replies