Thank you for answer Philip

Jaro · ‎04-03-2017

Hello,

I need to create authentication certificate for SSL VPN on cisco router 2901(Version 15.5(1)T2 ).

And then client should take certificate via http.

On cisco ASA it is easy but, I don´t know how and if it is possible to create this type of certificate and how can I transfer it, but best way for ssl client will be via http.

Notice : This is only to TEST purpose.

Thank you very much for your help.

Philip D'Ath · ‎04-03-2017

I've written a guide for deploying AnyConnect using IKEv2 with Suite-B cryptography.

In your case, if you only use the bit to do with certificates you should get what you need.
http://www.ifm.net.nz/cookbooks/Cisco-IOS-router-IKEv2-AnyConnect-Suite-B-Crypto.html

Jaro · ‎04-04-2017

Thank you for answer Philip but, if client will need obtain certificate which site should he/she use?

when I try it on ASA there was this website: https://<ASA IP/FQDN>/+CSCOCA+/enroll.html

but how it is with cisco router.

Thank you

Philip D'Ath · ‎04-04-2017

The IOS CA does not support that method.

You need to copy them off the router and then give them to the user, like in my article.

Jaro · ‎04-07-2017

Thank you Philip, I wanted to hear this. Do you have some document about that, because I´m writing Master Thesis and I need some confirmation of that or how can I find it, what is that method called ?

Thank you

Philip D'Ath · ‎04-07-2017

There is the document I wrote which I provided a link to ...

Jaro · ‎04-12-2017

Hi Philip,

No, I mean document which will say that, I can not do transfer of SSL certificate by https link.And second question is that what is that method of transfer certificate called or only transfer by https, how to find it?

Thanks

Self-signed certificate transfer