Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1165
Views
0
Helpful
1
Replies

CA Server + Key Server(GetVPN)

henrry.huaman
Level 1
Level 1

‎12-12-2012 12:24 PM - edited ‎02-21-2020 06:33 PM

Hi Guys,

Currently we are testing GetVPN and we need to integrate with CA Server.

Is possible to configure the CA Server and Key Server in the same device?
And, How many GMs is supported?

BR

Henrry

Labels:
0 Helpful
1 Reply 1

Chetankumar Phulpagare
Cisco Employee
Cisco Employee

‎12-12-2012 04:48 PM

Hi Henrry,

It is possible to configure GETVPN Key Server (KS) and CA Server on the same device. You can check below link for example:

https://supportforums.cisco.com/docs/DOC-13423

Generally it is recommeded to build a PKI server as Root-CA. Then each KS can register with the Root-CA and become Sub-CA.  Then the KS routers register with each Sub-CA.  Now the Root-CA can be taken off-line.  GM's only need to get a cert from one of the sub-CA servers.

Hope this helps.

Thanks,

Chetan

0 Helpful
Customers Also Viewed These Support Documents