03-26-2024 04:36 PM
Hello
I'm using an internal PKI with Active Directory user certificates deployed using GPO. I want to use them for client-certificate-only authentication on my FTD managed by FMC.
For my Access interface I have a public CA-signed certificate, so my non-domain users will not get an error - I need to keep it.
Could anyone guide me on how to achieve this authentication in such an environment? I've tried a lot of Google results but I can't get it working properly.
03-26-2024 11:51 PM - edited 03-26-2024 11:52 PM
1. You need to have the issuer certificate (the one who signed the user certificate) enrolled in FMC (Devices -> Certificates)
2. Use Certificate authentication in connection profile.
03-27-2024 01:39 AM
I have enrolled a certificate for the device, using SCEP, in the Windows CA (IPSec offline) and set that enrollment to IKEv2 Identity Certificate. I also have that Windows CA under "show crypto ca certificates" and a certificate issued by that CA.
Is that what you mean in 1.?
About 2., I already have Authentication Method: Client Certificate Only