07-07-2008 10:05 PM
All,
I'm assuming this is possible, but I can't seem to find any documentation on the subject. What I'm looking to do is to associate a webvpn group-url (which is tied to an SSL tunnel group) with a certificate of the same name, so that I can avoid cert errors when connecting to that specific group URL. I'm able to create an ID cert just fine; however, it looks like I can only associate one cert per interface. Any ideas if what I'm trying to do here is possible?
Thanks,
JR
07-08-2008 05:22 AM
If you apply the cert on the default group policy, you should be fine.
Second, moreover, your question is to resolve an IP address by URL name.
Thanks,
Dharmesh Purohit
07-08-2008 06:18 AM
Hi Dharmesh,
Thanks for your reply. This is actually to resolve a URL name to an SSL group name using the host headers sent by the browser. As far as applying the cert to the default group policy, could you elaborate on exactly which commands you are referring to?
07-09-2008 01:34 PM
Got some info back from Cisco TAC. Apparently this was a little easier than I originally thought. You can create multiple CNs within a single certificate, and assign that one cert to the interface you choose. In the CLI, it looks like this:
crypto ca trustpoint john
 subject-name CN=sales.company.com,CN=engineering.company.com
 ! NOTE (on subject-name): OU, S, O would all follow after this if I had them defined
 enrollment self
crypto ca enroll john
ssl trust john outside
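
An added example, not part of the original thread and not Cisco tooling: a small Python audit that reads an ASA-style configuration and lists the group-url hostnames that are not named as a CN in the trustpoint bound to each interface. The tunnel-group names, the Finance entry and the sample configuration are constructed; it assumes one subject-name per trustpoint and an interface-specific ssl trust-point line.

```python
import re
from urllib.parse import urlparse

# Constructed sample config; only the trustpoint lines mirror the thread.
SAMPLE = """\
crypto ca trustpoint john
 subject-name CN=sales.company.com,CN=engineering.company.com
 enrollment self
ssl trust-point john outside
tunnel-group Sales webvpn-attributes
 group-url https://sales.company.com enable
tunnel-group Engineering webvpn-attributes
 group-url https://engineering.company.com enable
tunnel-group Finance webvpn-attributes
 group-url https://finance.company.com enable
"""

def audit(config):
    """Return {interface: [(tunnel_group, host), ...]} for every group-url
    host that is not a CN of the trustpoint bound to that interface."""
    cns, bound, urls = {}, {}, []
    ctx = []  # tokens of the current top-level command
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue  # blank line or comment
        if not raw[0].isspace():
            ctx = words  # a top-level command opens a new context
            # "ssl trust-point NAME IFACE"; also accepts the abbreviated
            # "ssl trust NAME IFACE" form used in the thread.
            if (len(words) >= 4 and words[0] == "ssl"
                    and "trust-point".startswith(words[1])):
                bound[words[3]] = words[2]
        elif ctx[:3] == ["crypto", "ca", "trustpoint"] and words[0] == "subject-name":
            dn = raw.split(None, 1)[1]
            found = re.findall(r"CN=([^,\s]+)", dn, re.I)
            cns[ctx[3]] = {name.lower() for name in found}
        elif ctx[:1] == ["tunnel-group"] and words[0] == "group-url":
            urls.append((ctx[1], urlparse(words[1]).hostname))
    return {iface: [(grp, host) for grp, host in urls
                    if host not in cns.get(tp, set())]
            for iface, tp in bound.items()}

if __name__ == "__main__":
    for iface, missing in audit(SAMPLE).items():
        for grp, host in missing:
            print(f"{iface}: {host} (tunnel-group {grp}) has no matching CN")
```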