03-15-2011 11:16 AM
How would you configure an IOS CA server to authenticate SSL VPN users when not using a domain name?
My public IP is (for example) 1.1.1.1. I will not be using this with a domain name. How can my CA server / trustpoint be configured to prevent users from getting certificate errors after the certificate has been installed?
I have the SSL VPN up and working; I can even log in using AnyConnect 2.3, just not 2.5. I know a workaround for this is to modify the hosts file, but is there another way around this through configuring the CA server or trustpoint? Thanks for the help.
Newt.
03-20-2011 04:05 AM
Hi Newt,
To avoid the warning about a name mismatch, make sure the CN of the certificate contains the IP address of the SSLVPN gateway.
e.g.
crypto ca trustpoint blah
 subject-name CN=1.1.1.1
then (re-)enroll the trustpoint to get a new certificate with the correct subject. If the users have the CA cert installed, then they don't need to change anything. If they have the server cert installed, they will have to install the new one.
hth
Herbert
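A check for the re-enrolled certificate, as an added example that is not part of the original thread: it classifies a certificate, in the dict form returned by Python's `ssl.SSLSocket.getpeercert()`, by whether the gateway IP appears in the subject CN (the approach in the reply above) or in an iPAddress subjectAltName, which is the field RFC 2818 specifies for connections made to an IP address and goes beyond what the thread covers. The function names and the three sample certificates are constructed for illustration.

```python
import ipaddress


def common_names(cert):
    """Yield every commonName in the subject of a getpeercert()-style dict."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                yield value


def same_ip(text, ip):
    """True if text parses as an IP address equal to ip."""
    try:
        return ipaddress.ip_address(text.strip()) == ip
    except ValueError:
        return False  # a hostname or any other non-IP string


def classify_ip_match(cert, gateway_ip):
    """Return 'san-ip', 'cn-only' or 'mismatch' for the address clients dial."""
    ip = ipaddress.ip_address(gateway_ip)
    sans = cert.get("subjectAltName", ())
    if any(kind == "IP Address" and same_ip(value, ip) for kind, value in sans):
        return "san-ip"    # matches under RFC 2818 rules for IP connections
    if any(same_ip(cn, ip) for cn in common_names(cert)):
        return "cn-only"   # matches only for clients that compare against the CN
    return "mismatch"      # clients will report a name mismatch


# Constructed sample certificates (not taken from a real gateway).
OLD_CERT = {"subject": ((("commonName", "vpn-gw"),),)}
NEW_CERT = {"subject": ((("commonName", "1.1.1.1"),),)}
SAN_CERT = {
    "subject": ((("commonName", "vpn-gw"),),),
    "subjectAltName": (("IP Address", "1.1.1.1"),),
}

if __name__ == "__main__":
    for name, cert in (("old", OLD_CERT), ("new", NEW_CERT), ("san", SAN_CERT)):
        print(name, classify_ip_match(cert, "1.1.1.1"))
```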