Anyconnect & digital certificate authentication

mulhollandm
Level 1

folks

i have a query about authenticating users with digital certs and username/password

my ssl vpn is working ok but i only have a single user so far

my query is about how to handle additional users and certificates

i'm going to add the users into the asa for local authentication but it's the certificates i'm not sure about

can i use the same account in the local certificate user dbase, i.e. sslconnect, and just generate a new OTP for each user i add to create the certificate or should i create a new account in the LCA user dbase for each user account i create in AAA

hope this isn't too confusing

thanks to anyone taking the time to reply or to read this

greatly appreciated

Accepted Solutions

Jennifer Halim
Cisco Employee

If you are authenticating using a certificate, then you would need to issue each user a different certificate for him/herself. The certificate will be a unique certificate for each user. I would recommend that you have the username as the certificate CN instead of a common "sslconnect" as the CN, so you can distinguish different users.

Hope that answers your question.
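
An added configuration sketch of the per-user approach described in the answer above; it is not from the thread or from either poster. The usernames (alice, bob), the password placeholders and the connection profile name SSLVPN-USERS are assumptions, and it assumes the ASA local CA server is already configured and enabled.

```cisco
! Added example. alice, bob, the <...> passwords and SSLVPN-USERS are
! placeholders, not values from the thread.
!
! One local AAA account per person (the username/password factor).
username alice password <alice-password> privilege 0
username bob password <bob-password> privilege 0
!
! One local CA user database entry per person, with the CN set to that
! person's username instead of reusing the shared "sslconnect" entry.
crypto ca server user-db add alice dn CN=alice
crypto ca server user-db add bob dn CN=bob
!
! Allow each entry to enroll and display its own one-time password.
crypto ca server user-db allow alice display-otp
crypto ca server user-db allow bob display-otp
!
! Require both a certificate and username/password on the connection
! profile, and take the authorization username from the certificate CN.
tunnel-group SSLVPN-USERS general-attributes
 username-from-certificate CN
tunnel-group SSLVPN-USERS webvpn-attributes
 authentication aaa certificate
!
! Review the enrollment state of each user entry.
show crypto ca server user-db
```

With one entry per person, a single user's certificate can be revoked without affecting anyone else, and connection logs show which individual presented which certificate.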

jennifer

many thanks for the prompt response, it's greatly appreciated

i think what you suggest is what i need to do so i'll test it out asap

thanks again