02-18-2002 11:17 PM - edited 03-08-2019 09:51 PM
Hello,
we do want to establish a Remote Access VPN Cisco VPN Client 3.51 to VPN3005 v.3.51 using certificates.
We only got it working when the OU field of the certificate of the Concentrator was matching the OU field of the Client Certificate.
If I understand the documentation correctly, the OU field of the client is directly linked with the "group" definitions on the concentrator. What I do not understand is: Why does the OU field of the Concentrator's certificate need to match as well?
http://www.cisco.com/warp/customer/471/installboth.html step 4)
This would limit me to only one group on the concentrator that can use certificates.
If the concentrator's certificate does have a different name in the OU field, the client does not accept the cerificate (at least that's what my test shows).
Am I understanding this correctly?
Is there a way that the OU field in the concentrator's certificate can be empty or different from the OU field of the group name and of the client?
Thanks in advance,
- Robert
02-19-2002 05:00 PM
Robert,
If you want to configure multiple groups on the concentrator, then you can install multiple identity certificates using the different OU in the enrollment form
02-19-2002 11:25 PM
Hello JAZIB,
thanks for your quick reply.
I can install max. 2 Identity Certificates on the Concentrator and I was thinking the second one is to provide a smooth migration to a new CA or to install a renewed certificate without interruption. However - that would give me max. 2 Groups.
But my first question would be:
- Do I understand it correctly that the OU in the Concentrator's Identity Certificate must match with the OU in the Client's Certificate? and if "Yes": Why? (Would make no sense to me)
regds,
- Robert
02-20-2002 07:31 AM
After some more testing I got it working.
I was wrong.
The OU field of the Concentrator's certificate does not need to match with the OU name of the client's certificate or with a Group name.
Sorry for your time.
rgds,
- Robert
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide