Re: Associate a group-url with a certificate

rossiterj · ‎07-07-2008

All,

I'm assuming this is possible, but I can't seem to find any documentation on the subject. What I'm looking to do is to associate a webvpn group-url (which is tied to an SSL Tunnel group) to a certificate of the same name, so that I can avoid cert errors when connecting to that specific group URL. I'm able to create an ID cert just fine, however it looks like I can only associate one cert per interface. Any ideas if what I'm trying to do here is possible?

Thanks,

JR

purohit_810 · ‎07-08-2008

If you apply cert on default group policy, you should be fine.

Second, More over you question is to resolve an IP address by URL name.

Thanks,

Dharmesh Purohit

rossiterj · ‎07-08-2008

Hi Dharmesh,

Thanks for your reply. This is actually to resolve a URL name to an SSL group name using the host headers sent by the browser. As far as applying the cert to the default group policy, could you elaborate on exactly which commands to which you are referring?

rossiterj · ‎07-09-2008

Got some info back from Cisco TAC. Apparently this was a little easier than I originally thought. You can create multiple CNs within a single certificate, and assign that one cert to the interface you choose. In the CLI, it looks like this:

crypto ca trustpoint john

subject-name CN=sales.company.com,CN=engineering.company.com <--NOTE: OU, S, O would all follow after this if I had them defined

enrollment self

crypto ca enroll john

ssl trust john outside