cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

533
Views
0
Helpful
1
Replies
Highlighted
Beginner

CA Server + Key Server(GetVPN)

Hi Guys,

Currently we are testing GetVPN and we need to integrate with CA Server.

Is possible to configure the CA Server and Key Server in the same device?
And, How many GMs is supported?

BR

Henrry

Everyone's tags (4)
1 REPLY 1
Cisco Employee

CA Server + Key Server(GetVPN)

Hi Henrry,

It is possible to configure GETVPN Key Server (KS) and CA Server on the same device. You can check below link for example:

https://supportforums.cisco.com/docs/DOC-13423

Generally it is recommeded to build a PKI server as Root-CA. Then each KS can register with the Root-CA and become Sub-CA.  Then the KS routers register with each Sub-CA.  Now the Root-CA can be taken off-line.  GM's only need to get a cert from one of the sub-CA servers.

Hope this helps.

Thanks,

Chetan