We recently purchased a certificate for our ASA to use on the outside interface, when connecting in order to get AnyConnect installed or simply use webvpn. I added it as an identity cert and the CA cert as well, and then made it the default cert for the outside interface. This all worked just fine.
Now, we want to use cert-based authentication for our AnyConnect (along with RADIUS, which is already working). We have an internal Microsoft cert server that we would like to use for this purpose. Question is... how can we use the public purchased cert on the outside interface for webvpn and AnyConnect installation and at the same time use the "internal" cert for authentication of the VPN client? Is it even possible?
I've already created an internal cert and installed it on the ASA along with the CA cert of our internal server. We are running version 8.2(2).
I hope someone with a little more knowledge about this than me can assist.
Thanks in advance,
Just found this link (which is for ver. 8.2):
Is this what I need to do? Or is it intended for something else entirely?
I just tried the above mentioned setting, and it works when using the AnyConnect client.
But when visiting the HTTPS address of the ASA, to get AnyConnect installed, I get a certificate auth error when logging on. It still uses the public purchased cert here, which is what I want it to, but the auth seems to try and use the authentication cert set up. This would be OK, but the problem is that when opening the web site (ASA), IE prompts me to select a certificate for authentication, but my computer cert (which I choose with the AnyConnect client) isn't available?
Any help much appreciated!