Anyconnect On Demand Server 2012

tahequivoice
Level 2

I need to use 2012 to send out the certificates for the clients. Are there any Docs on setting this up specifically for 2012?  Everything I found so far is for 2003-8.

4 Replies

nkarthikeyan
Level 7

Hi,

 

Is this what you are looking for?

http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability

http://blogs.msdn.com/b/kaushal/archive/2012/10/11/central-certificate-store-ccs-with-iis-8-windows-server-2012.aspx

 

Regards

Karthik

These are what I have found. The first one is the overview, and I have several deployments where the ASA is the Certificate Server; however, I have a request to make the Certificate Server their AD, which is 2012. I can find all kinds of docs on using 2003-8 for this purpose, but the only one related to 2012 is the bottom link, and I am having issues getting the OCSP working based on that doc. Some critical information was missing on the user used for the services on the Microsoft papers, so not at all surprised that I still can't get it to work.

 

 

 

http://www.cisco.com/c/dam/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/guide_c07-717020.pdf

http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116720-config-asa-ocsp-00.html#anc9

On this doc, CA Configuration for OCSP Template, step one shows group or username, but nowhere in the doc does it specify the shown user being set up.

tahequivoice
Level 2

Some further information. In a nutshell, instead of having to add every user to the ASA to issue a certificate for their Anyconnect Mobile, they want to use Active Directory.

 

http://www.cisco.com/c/en/us/support/docs/ip/lightweight-directory-access-protocol-ldap/116096-configure-anyconnect-openldap-00.html#anc13

 

I am not finding anything on how to configure the ASA and Windows server to be able to do this.

 

Can it be done?

Found this, might be on the right trail now, but hate going through all of this to find out it won't work.

 

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/Unified_Access_Book/UA_Security.html#wp1253798