Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
505
Views
0
Helpful
1
Replies

ASA - local CA replacement for user certificates mgmt

lkovar
Level 1
Level 1

‎02-04-2019 08:25 AM - edited ‎03-12-2019 05:33 AM

Hello,we want to migrate ASA to a failover cluster, but we must delete the local CA, because it is not supported there.

What CA do you use in such scenario for managing users and their certs? We tried MS AD CA, which worked fine for Identity certificate but seems to me too complicated  to manage VPN user certificates. Do you suggest MS AD CA, yet ,  or there is a more lightweitght alternative ?

 

Many thanks

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎02-04-2019 08:31 AM

Hi,

MS CA works well for certificate authentication on ASA RAVPN and is relevatively straight forward, example here.

 

Use MS GPO to distribute the certificate to the users/computers.

 

HTH

0 Helpful
Customers Also Viewed These Support Documents