VPN client mutual group authentication -- restrict root cert

fanheuser
Level 1

On a VPN client configured for mutual group authentication to a VPN 3000 headend, is it possible to restrict which root certificate is matched against the VPN concentrator's identity certificate?

Background: multiple CA root certificates are installed on the VPN client for other reasons, but only one CA should be used for the VPN mutual group authentication.

2 Replies

ebreniz
Level 6

As far as I know, there is no option to define this on the VPN client. Maybe the VPN client tries to match the certificate in the order listed on the client. I am not sure of this, though; you can try placing the certificate at the top of the list.

Ordering the list does not help, because I want to match only against certain ones of all the installed root certificates.

Thanks nevertheless ... in the meantime, I found something:

-- VPN client version 4.0.5: no restriction is possible; only the certificate store used for matching (Microsoft or Cisco) can be defined.

-- VPN client 4.6 and later: this can be done with the "VerifyCertDN" keyword in the connection profile.

The connection profile attributes "CertName" or "CertSubjectName" are apparently not checked for this type of authentication.
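As an added illustration that is not from the thread, here is a constructed connection-profile (.pcf) fragment showing the change described above: the same profile without and with a VerifyCertDN restriction. Host, group, profile and DN values are placeholders; the AuthType value, the ISSUER- field prefix and the DN operators (= exact match, * contains, comma for AND) are assumed from the Cisco VPN Client Administrator Guide and should be checked against the guide for the installed client version.

```ini
; Constructed example .pcf profile (not from the thread); all values are placeholders.
[main]
Description=Mutual group auth to headquarters VPN 3000
Host=vpn3000.example.invalid
; AuthType=5 is assumed to select mutual group (hybrid) authentication.
AuthType=5
GroupName=example-group
EnableISPConnect=0

; --- Before: any CA trusted by the selected certificate store is accepted ---
; (VPN client 4.0.5 behaviour: only the store can be chosen, not the CA.)
; VerifyCertDN=

; --- After (client 4.6 and later): additionally require that the headend's
; identity certificate was issued by one specific CA. The ISSUER- prefix
; (assumed syntax) matches fields of the issuer DN rather than the subject DN.
; "=" is an exact match; "*" is a contains match; "," ANDs the conditions.
VerifyCertDN=ISSUER-CN="Corp VPN Root CA",ISSUER-O="Example Corp"

; Optionally also pin the headend's own subject name (exact match), so a
; certificate issued by the right CA to a different host is still rejected.
; VerifyCertDN=CN="vpn3000.example.invalid",ISSUER-CN="Corp VPN Root CA",ISSUER-O="Example Corp"
```

VerifyCertDN is a string check on the DN fields of the certificate the headend presents, applied on top of normal chain validation; if the identity certificate is issued by an intermediate CA, the ISSUER- fields describe that intermediate, not the root above it.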