I need to have single-click authentication for clientless ssl vpn.
Just type in https://IPADDRESS/
get web page where group alias is visible and click login. No username, no pass. Something similar as it is using PEAP on Wireless.
I tried to generate self sign identity certificate and SSH keypair. It worked. I configured group policy to use certificate only authentication. It worked.
At the end, I configured
ssl trust-point SSL-TP outside
trust point is the using prevously generated identity certificate.
And here problems begin.
I can export that certificate as PKCS12 file, using password. When I try to import that same certificate in Windows 7, it reports that pass is not good (I am 100% sure that it is).
I know that I am doing something wrong, but I do not know what. Is this even doable? If not with self-signed, how then? I have request literaly just to click to login and it should work. When I choose certificate base authentication, I get thet (no username/pass fields of web form) but always get report that certificate is invalid, or something.
Thank you a lot