Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN Concentrators and Microsoft Certificates

I'm trying to install a certificate on the public interface on a VPN Concentrator 3020. The certificate installs just fine, but the problem is that once the Microsoft CA cert is installed the WebVPN website on the concentrator no longer comes up. I've tried this many times and each time I get the same result. The main reason I'm trying to use a Microsoft CA cert is because I need the cert signed with SHA-1 instead of MD5

7 REPLIES

Re: VPN Concentrators and Microsoft Certificates

Did you get any error message when you tried to access WebVPN?

When you install the new CA, make sure to use CN field correctly.

"Common Name (CN) field you need to fill this space with either an IP address or the DNS name of the interface, which must be similar to what you typed in the browser in order to make the SSL client connection."

Community Member

Re: VPN Concentrators and Microsoft Certificates

The only thing that happens is I get "Page Can Not Be Displayed" when I go to the WebVPN page.

Re: VPN Concentrators and Microsoft Certificates

Since you installed new cert, you should have a popup window for certificate warning when you tried to access webvpn. Did you see that? If yes, you need accept that new cert. Here is the link for your reference.

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2284/products_configuration_example09186a008055641a.shtml#configdisable

Community Member

Re: VPN Concentrators and Microsoft Certificates

I don't receive a popup or anything. The webpage just doesn't come up. The message is "Internet Explorer cannot display the webpage". I'm running the lastest version of the software for the concentrator. If I change the certificate back to a self signed cert the page comes up right away.

Re: VPN Concentrators and Microsoft Certificates

After you changed cert on VPNC, the client web browser should come up that certificate warning window unless you disabled it on purpose or the cert is trusted.

When the browser is trying to establish a SSL connection with a website, if the cert is untrusted, the certificate warning window will pop up.

In IE, Tools->Internet Options->Content Tab->Certificates->Trusted Root Certification Authorities tab, did you see your MS CA is listed there?

Community Member

Re: VPN Concentrators and Microsoft Certificates

The certificate is already trusted by the PC that I'm using. I'm creating a cert using my root Microsoft CA. I've attached the IE window that I get when I go to the webpage.

Re: VPN Concentrators and Microsoft Certificates

Sorry, I don't know what else we could try. Can you open a TAC case to investigate this?

246
Views
0
Helpful
7
Replies
CreatePlease to create content