cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
871
Views
0
Helpful
3
Replies

How to enforce a client certificate?

alsii
Beginner
Beginner

I need to enforce the certificate used by my VPN client. Is it possible without suppressing the certificates present in the Windows personal and machine stores?

2 Accepted Solutions

Accepted Solutions

Rob Ingram
VIP Master VIP Master
VIP Master
Hi,
If you use the AnyConnect VPN Profile Editor, you can select which certificate store All (default), machine or user. The AnyConnect XML file can be pushed out via ASA directly.

Alternatively edit the anyconnect profile xml file, manually and change to the following:

<CertificateStore>User</CertificateStore>

HTH

View solution in original post

Hi,

No, there is only the user or machine certificate stores, you cannot further segregate.

 

If you wanted something unique for AnyConnect you could create a unique certificate template e.g "VPNTemplate" on the CA, distribute the certificates to AnyConnect users. Within AnyConnect (using the profile editor) you could match on a specific value only within that template.

 

HTH

View solution in original post

3 Replies 3

Rob Ingram
VIP Master VIP Master
VIP Master
Hi,
If you use the AnyConnect VPN Profile Editor, you can select which certificate store All (default), machine or user. The AnyConnect XML file can be pushed out via ASA directly.

Alternatively edit the anyconnect profile xml file, manually and change to the following:

<CertificateStore>User</CertificateStore>

HTH

Thanks, can I use a custom store to have a neat certificates segregation, possibly integrated into anyconnect?

Hi,

No, there is only the user or machine certificate stores, you cannot further segregate.

 

If you wanted something unique for AnyConnect you could create a unique certificate template e.g "VPNTemplate" on the CA, distribute the certificates to AnyConnect users. Within AnyConnect (using the profile editor) you could match on a specific value only within that template.

 

HTH

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers