Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
729
Views
0
Helpful
4
Replies

PKI Enrollment for GETVPN

John Pong
Level 1
Level 1

‎07-13-2014 06:25 PM - edited ‎02-21-2020 07:43 PM

We need to enroll our GMs to our KS's via PKI. Is there a way for us to enroll all our router using the same certificate/CSR? Thanks!
 

Labels:
0 Helpful
4 Replies 4

narcis antonie
Level 1
Level 1

‎07-14-2014 05:35 AM

Hi

equipment (in your case router) it is meant for. I don't think there is a way for the CA to issue a certificate usable on multiple devices

Hope this will help,

Best of luck

0 Helpful

John Pong
Level 1
Level 1
In response to narcis antonie

‎08-04-2014 10:22 PM

Hi Narcis,

Thanks for your response. I was able to perform this however there are some drawbacks since you are using the same certificate signed by the CA, there will be no identity between the devices involved. Aside from that, there is an alarm being generated but is not traffic affecting.

 

0 Helpful

narcis antonie
Level 1
Level 1
In response to John Pong

‎08-05-2014 06:54 AM

Hy John,

Interesting to know, but what is the purpose of the certificate if it can't uniquely identify each router. Does it help you?

Good luck

0 Helpful

John Pong
Level 1
Level 1
In response to narcis antonie

‎08-05-2014 07:48 PM

For ease of deployment purposes without involving the CA server. But this setup wasn't deployed in our production environment.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents