04-03-2017 11:30 AM - edited 03-11-2019 12:36 AM
Hello,
I need to create authentication certificate for SSL VPN on cisco router 2901(Version 15.5(1)T2 ).
And then client should take certificate via http.
On cisco ASA it is easy but, I don´t know how and if it is possible to create this type of certificate and how can I transfer it, but best way for ssl client will be via http.
Notice : This is only to TEST purpose.
Thank you very much for your help.
04-03-2017 06:48 PM
I've written a guide for deploying AnyConnect using IKEv2 with Suite-B cryptography.
In your case, if you only use the bit to do with certificates you should get what you need.
http://www.ifm.net.nz/cookbooks/Cisco-IOS-router-IKEv2-AnyConnect-Suite-B-Crypto.html
04-04-2017 08:27 AM
Thank you for answer Philip but, if client will need obtain certificate which site should he/she use?
when I try it on ASA there was this website: https://<ASA IP/FQDN>/+CSCOCA+/enroll.html
but how it is with cisco router.
Thank you
04-04-2017 11:52 AM
The IOS CA does not support that method.
You need to copy them off the router and then give them to the user, like in my article.
04-07-2017 07:35 AM
Thank you Philip, I wanted to hear this. Do you have some document about that, because I´m writing Master Thesis and I need some confirmation of that or how can I find it, what is that method called ?
Thank you
04-07-2017 12:01 PM
There is the document I wrote which I provided a link to ...
04-12-2017 05:33 AM
Hi Philip,
No, I mean document which will say that, I can not do transfer of SSL certificate by https link.And second question is that what is that method of transfer certificate called or only transfer by https, how to find it?
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide