12-17-2013 11:15 PM
Hi there:
I'm trying to configure clientless authentication using certificates issued by my own CA, but I can't.
I get a certificate validation failure.
I was searching for a configuration guide but I can't find it.
I enrolled the ASA with the CA and assigned the certificate to outside.
I enrolled the user with the CA.
I configured the connection profile to use the certificate authentication method.
I configured the certificate map for the connection profile on the OU field of the certificate.
I'm beginning to suspect this is not a valid design unless the ASA is the CA.
Can somebody confirm whether I can authenticate my users using SSL VPN with certificates from an external CA?
Does someone know of a configuration guide for doing it?
Thank you in advance
Al
12-18-2013 12:39 AM
You can also use an external CA. That's also the common way, as the local CA can't be used in failover scenarios.
Start with the configuration guides on certificates:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_certs.html
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_clientless_ssl.html
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
12-18-2013 11:09 PM
Thank you, Iwen.
Finally I found the problem.
You need to enroll the user certificate through the ASA (ASA as proxy).
If you try to do the enrollment directly with the CA, the certificates are different.
The DC at left is the result of direct enrollment and doesn't work.
The DC at right is the right one.
Thank you very much
Al
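The thread turns on two things: the certificate map in the connection profile keys on the OU field of the subject, and a certificate obtained by direct enrollment carried a different subject than one obtained through the ASA as proxy. The following script is an added example, not code from the thread or from Cisco; it parses subject DNs, evaluates ASA-style certificate-map rules (`attr eq|ne|co|nc value`, all rules in one map entry ANDed, case-insensitive comparison, all of which are simplifying assumptions here) and reports which subject attributes differ between two certificates. The two DNs, the OU value `VPNUsers` and the rule set are constructed sample values, not taken from the original post, so the check can be rerun against real subjects pulled from `openssl x509 -subject -noout`.

```python
"""Check certificate subjects against an ASA-style certificate map.

Added example, not part of the original thread.  Sample DNs and rule values
below are constructed; the rule semantics are a simplified model of the
ASA 'crypto ca certificate map' subject-name checks, not the ASA's parser.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample subjects: one from direct CA enrollment, one via the ASA proxy.
DIRECT_DN = "CN=al,OU=Users,DC=corp,DC=example,DC=com"
PROXY_DN = "CN=al,OU=VPNUsers,DC=corp,DC=example,DC=com"

# Constructed map entry: every rule must match (AND semantics, assumed here).
CERT_MAP_RULES = [("OU", "eq", "VPNUsers"), ("DC", "co", "example")]


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split an RFC 4514-style DN ("CN=a,OU=b,DC=c") into (attr, value) pairs.

    Commas escaped with a backslash are kept inside the value."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):  # split on unescaped commas only
        rdn = rdn.strip()
        if not rdn:
            continue
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().upper(), value.replace("\\,", ",").strip()))
    return pairs


def attr_values(dn: str, attr: str) -> List[str]:
    """All values of one attribute, in the order they appear (DC is multi-valued)."""
    return [v for a, v in parse_dn(dn) if a == attr.upper()]


def rule_matches(dn: str, attr: str, op: str, value: str) -> bool:
    """Evaluate one subject-name rule; comparisons are case-insensitive (assumption)."""
    vals = [v.lower() for v in attr_values(dn, attr)]
    want = value.lower()
    if op == "eq":
        return want in vals
    if op == "ne":
        return want not in vals
    if op == "co":
        return any(want in v for v in vals)
    if op == "nc":
        return not any(want in v for v in vals)
    raise ValueError(f"unknown operator {op!r}")


def map_matches(dn: str, rules: List[Tuple[str, str, str]]) -> bool:
    """A map entry matches only when every one of its rules matches."""
    return all(rule_matches(dn, attr, op, value) for attr, op, value in rules)


def dn_diff(dn_a: str, dn_b: str) -> Dict[str, Tuple[List[str], List[str]]]:
    """Attributes whose value lists differ between two subjects: {attr: (a, b)}."""
    attrs = {a for a, _ in parse_dn(dn_a)} | {a for a, _ in parse_dn(dn_b)}
    out = {}
    for attr in sorted(attrs):
        va, vb = attr_values(dn_a, attr), attr_values(dn_b, attr)
        if va != vb:
            out[attr] = (va, vb)
    return out


if __name__ == "__main__":
    for label, dn in (("direct enrollment", DIRECT_DN), ("ASA proxy enrollment", PROXY_DN)):
        print(f"{label:22s} matches map: {map_matches(dn, CERT_MAP_RULES)}")
    for attr, (va, vb) in dn_diff(DIRECT_DN, PROXY_DN).items():
        print(f"differs in {attr}: direct={va} proxy={vb}")
```

Running it shows the directly enrolled subject failing the map (its OU is not the value the rule expects) while the proxy-enrolled one passes, and prints exactly which attribute differs, which is the comparison worth doing before touching the tunnel-group configuration.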