There are a number of guides on the internet related to Windows CA and iPhone, but I did not feel that any of them put all the pieces together such that someone could get AnyConnect certificate authentication up with little fuss. Hence, this document.
We will start with a Windows Server Enterprise 2008 R2 x64 VM with all current updates as of 3/4/2012. A number of notes in various docs relate to issues that occur if your copy of Windows is not updated and that are now resolved, so I highly recommend starting with a fully updated instance.
Note - For a real enterprise deployment many of these pieces may already be in place, so not every piece may apply and some may even differ. This is a from-scratch build in a sandbox environment.
The steps that will be detailed below can be summarized as follows:
1) create a Domain controller
2) install a Windows 2008 Enterprise CA with NDES services and IIS
3) modify one of Windows built in templates to suit our needs
4) Install the root CA cert on our ASA
5) create a CSR on ASA
6) sign it with our Windows CA
7) install cert on the ASA
8) create a config profile for iPhone
9) test
Most pieces done in Windows will be detailed with screenshots (for obvious reasons), while most pieces on the ASA will be done with the CLI.
1) Create a domain controller