https://community.cisco.com/t5/network-security/preshared-certificates/m-p/1091047#M895014 <P>We are in the process of implimenting SSL VPN using the AnyConnect client. I am curious if it is possible to have a Pre-Shared Certificate that is self signed created and then I would manually install the cert. This would ensure that I control who accesses the network using VPN.</P> Mon, 11 Mar 2019 13:58:17 GMT jstabl 2019-03-11T13:58:17Z https://community.cisco.com/t5/network-security/preshared-certificates/m-p/1091047#M895014 <P>We are in the process of implimenting SSL VPN using the AnyConnect client. I am curious if it is possible to have a Pre-Shared Certificate that is self signed created and then I would manually install the cert. This would ensure that I control who accesses the network using VPN.</P> Mon, 11 Mar 2019 13:58:17 GMT https://community.cisco.com/t5/network-security/preshared-certificates/m-p/1091047#M895014 jstabl 2019-03-11T13:58:17Z https://community.cisco.com/t5/network-security/preshared-certificates/m-p/1091048#M895015 <HTML><HEAD></HEAD><BODY><P>What platform ASA? if so you can use Local CA configured in ASA and have user enrollment and installed in their PC all managed through the ASA applience.</P><P></P><P>Personally I have not used this method but from what I read very practical and all privided by asa .. I recommend to read couple of times <B> The Local CA</B> section of this link to get thorough understanding of its usage and implementation for SSL webVPN or client based vpn.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cert_cfg.html#wp1067484" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cert_cfg.html#wp1067484</A></P><P></P><P></P><P>HTH</P><P>Jorge</P><P></P></BODY></HTML> Thu, 23 Oct 2008 00:54:59 GMT https://community.cisco.com/t5/network-security/preshared-certificates/m-p/1091048#M895015 JORGE RODRIGUEZ 2008-10-23T00:54:59Z https://community.cisco.com/t5/network-security/preshared-certificates/m-p/1091049#M895017 <HTML><HEAD></HEAD><BODY><P>Jorge</P><P></P><P>That is exactly what method I researched and implemented a few days ago. It works really well and allows me to choose who I give certificates to and how long those certs are active. Users get an email with a one time password they use that password to retrieve the cert and then import in to Firefox or IE </P><P> </P></BODY></HTML> Thu, 23 Oct 2008 13:46:24 GMT https://community.cisco.com/t5/network-security/preshared-certificates/m-p/1091049#M895017 jstabl 2008-10-23T13:46:24Z https://community.cisco.com/t5/network-security/preshared-certificates/m-p/1091050#M895019 <HTML><HEAD></HEAD><BODY><P>Jake, thanks for the update and ratings, we are contemplating this inplementation as well, and Im glad to hear it works great.</P><P></P><P></P><P>Rgds</P><P>Jorge</P><P></P><P></P><P> </P></BODY></HTML> Thu, 23 Oct 2008 14:47:15 GMT https://community.cisco.com/t5/network-security/preshared-certificates/m-p/1091050#M895019 JORGE RODRIGUEZ 2008-10-23T14:47:15Z