Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12768
Views
0
Helpful
2
Replies

pre-shared key vs certificate is which best and why

byron.alexander
Level 1
Level 1

‎08-21-2002 09:52 AM - edited ‎03-09-2019 12:01 AM

I have pre-shared key setup and working on my VPN concentrator but I am thinking that certificates would give me added security can someone advise me on which way to go. Thanks

Labels:
0 Helpful
2 Replies 2

paqiu
Level 1
Level 1

‎08-21-2002 02:08 PM

Hi,

In security point of view, using CA server and certificate will add more security to your VPN network, that is for sure. Certificate has much longer public and private key then pre-shared. Certificate is not easy to be exported, once the laptop has been stolen, you can revoke the certificate from the Cert server.

If you are using pre-shared key, you need change all other PC's group password in case someone get he group password from the stolen PC.

If you have more than 10 LAN to LAN sites, using certificate can make the configuration simpler, because you do not need to config pre-shared keys for each site.Use same Cert server and enroll all the routers to it , then it will be done.

For the remote access point of view, You need enroll all your clients(depending or username or PC), each client will have one certificate. If you have several hundreds of users, that will increase your workload for sure.

Best Regards,

Paul Qiu

0 Helpful

naqnazri1
Level 1
Level 1
In response to paqiu

‎06-14-2022 06:30 PM

Hi Paul Qiu,

 

Thank you for the excellent information!

I would like to ask also if I may, what happen if the running router that using certificate and suddenly:

1. Its been rebooted

2. Router Faulty then replace with new one. Does it will enroll the new certificate?

 

Please advice

Thank you!

Regards,

Naqib Nazri

0 Helpful
Customers Also Viewed These Support Documents