tema Re: SSL VPN Certificate Placement on Workstations en VPN

SSL VPN Certificate Placement on Workstations

newtwork1 — Thu, 21 Jul 2011 13:37:25 GMT

If you are using certificate for dual factor authentication. What certificates: CA root, SSL Webpage (Identity) Cert, User Authentication Cert) and what desktop locations do you place them in, Machine or User account. Then under that account what folder do you place them in, Trusted Root, Intermediate Trusted Root, User folders?

Any chance you could supply a link to a Cisco doc would help.

Newt

SSL VPN Certificate Placement on Workstations

Todd Pula — Thu, 21 Jul 2011 20:19:04 GMT

The doc below discusses SCEP enrollment with the AnyConnect client and provides some screenshots of the default certificate locations on a Microsoft client. Depending on your deployment requirements, you can influence which specific certificate store is accessed by configuring an AnyConnect XML profile.

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080b25dc1.shtml

Todd

Re: SSL VPN Certificate Placement on Workstations

newtwork1 — Mon, 15 Aug 2011 16:38:27 GMT

I've noticed in Win7 if you place the Users "Dual Factor" certificate under the user profile (not machine) and force the user to change their password (sometimes if they use CTrl+Alt+Del to change the password) the certificate stops working. If you change the password back to the orignial password the certificate begins to work again. These machines are not in a domain so I don't believe the problem is group policies.

Any thoughts???

Re: SSL VPN Certificate Placement on Workstations

newtwork1 — Thu, 25 Aug 2011 18:39:07 GMT

any thoughts?