FMC/FDT RA VPN CertAuth + windows CA

edp-adm
Level 1

Hello,

I'm using an internal PKI with Active Directory user certificates deployed using GPO. I want to use them for client-certificate-only authentication in my FTD managed by FMC.

For my access interface I have a public CA-signed certificate, so my non-domain users will not get an error; I need to keep it.

Could anyone guide me on how to achieve this authentication in such an environment? I've tried a lot of Google results but I can't get it working properly.

1 Accepted Solution

Pavan Gundu
Cisco Employee

1. You need to have the issuer certificate (the one that signed the user certificate) enrolled in FMC (Devices -> Certificates).

2. Use Certificate authentication in the connection profile.

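As an added example (not from the thread, and not Cisco code), the shell script below builds a throwaway PKI that stands in for the Windows CA and an AD user certificate, then runs the two checks that step 1 implies before touching FMC: the user certificate must chain to the issuing CA whose certificate is enrolled under Devices -> Certificates (the CA certificate, not the device identity certificate), and it must carry the client-authentication EKU. All names (Example Issuing CA, Unrelated CA, user1) are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo PKI plus the checks an admin would run on an exported AD user
# certificate. Requires only the openssl CLI; nothing here is FMC/FTD code.

# make_demo_pki: creates ca.pem (issuer), other-ca.pem (an unrelated CA) and
# user.pem (user certificate signed by ca.pem) in a temp dir; prints the dir.
make_demo_pki() {
    d=$(mktemp -d)
    # minimal req config so the script does not depend on the system openssl.cnf
    printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/req.cnf"
    for ca in "ca:Example Issuing CA" "other-ca:Unrelated CA"; do
        openssl req -x509 -config "$d/req.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
            -days 30 -subj "/CN=${ca#*:}" -keyout "$d/${ca%%:*}.key" \
            -out "$d/${ca%%:*}.pem" >/dev/null 2>&1
    done
    openssl req -new -config "$d/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=user1" -keyout "$d/user.key" -out "$d/user.csr" >/dev/null 2>&1
    # a GPO-deployed user certificate normally carries the clientAuth EKU
    printf 'extendedKeyUsage=clientAuth\n' > "$d/user.ext"
    openssl x509 -req -days 30 -in "$d/user.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -extfile "$d/user.ext" -out "$d/user.pem" >/dev/null 2>&1
    echo "$d"
}

# check_user_cert CA_PEM USER_PEM: returns 0 only when the user certificate
# validates against the given issuer AND is marked for client authentication.
check_user_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2" -noout -text | grep -q "TLS Web Client Authentication"
}

# cert_issuer USER_PEM: prints the issuer DN, i.e. the CA whose certificate has to
# be enrolled on the FTD for certificate authentication to succeed.
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer=//'
}

# Stand-alone usage: sh check_user_cert.sh <issuing-ca.pem> <user.pem>
if [ "$#" -eq 2 ]; then
    if check_user_cert "$1" "$2"; then
        echo "OK: chains to enrolled issuer $(cert_issuer "$2")"
    else
        echo "FAIL: issuer $(cert_issuer "$2") is not the given CA, or EKU missing"
    fi
fi
```

Running it against the exported CA certificate and a user certificate answers the follow-up question in the thread: if the check fails against the CA you enrolled, you have enrolled the wrong trustpoint.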

2 Replies


I have enrolled a certificate for the device, using SCEP, in the Windows CA (IPSec offline) and set that enrollment as the IKEv2 Identity Certificate. I also have that Windows CA under "show crypto ca certificates", and a certificate issued by that CA.

Is that what you mean in 1.?

About 2., I already have Authentication Method: Client Certificate Only.