11-28-2014 05:30 AM - edited 02-21-2020 07:57 PM
I have been configuring an ASA 5512X for IPSec VPN for the last couple of days. I use the ASA5512X as a local certificate server. I have created Identity Certificates. Then I created an IPSec VPN group with the certificate option instead of group authentication. Everything has been configured accordingly. I have also exported the CSR certificates from the ASA to a local PC. But when I try to connect to the ASA from the PC with the Cisco VPN client, I need a profile certificate (.pcf). Please guide me on how to generate a .pcf certificate from the self-signed identity certificate server of the ASA5512X.
11-28-2014 06:07 AM
You are using the wrong client. The local CA of the ASA only supports AnyConnect with SSL/TLS, but not the legacy VPN-Client.
More information on the local CA can be found in the config-guide:
11-29-2014 05:29 AM
What I need is certificate authentication instead of group authentication, with a self-signed certificate generated locally on the ASA 5512X. The certificate must be unique for each user so that no user is able to log in with his or her credentials from any other machine. But I could not find any solution at the provided URL.
Please guide me.
11-29-2014 10:18 AM
You should be able to create user certificates via the procedure in the document Karsten pointed you to. Reference. Few people use the ASA as a CA though as it is not a very sustainable or scalable solution.
The users would then need to download those certificates into their local certificate store. With that in hand, they could then create the pcf file locally and specify certificate authentication, choosing that newly downloaded certificate.
Of course you would be using a discontinued client that will not be supported for Windows 8 and later OS.
12-02-2014 10:21 PM
Can anybody provide me the certificate authentication solution in ASDM?