Playing with Certificates - Certificate Matching and Cert Stores

Rafa
Level 1

Hi All.

I have a question, maybe someone can help me.


We have an ASA 5510 in our company, which we use for VPN.

We have a second authentication, which is realised with DUO.


Now, we additionally want certificate matching, so we only let machines into our network that have this cert.


For this, I have created a CA-Server on the ASA.

The CA server is enabled, the cert is enrolled, and the authentication in the specific tunnel group is set to Both (AAA & Cert).


Now, I have played a little with the AnyConnect profile. In it, you can add a certificate match, which searches your machine for the right cert.

Now my question:

I have installed the cert manually, it's installed in the Personal Cert Store.

But when I install the cert with our provisioning tool, the cert goes to another store: Trusted People.

When the cert is installed in this Store, AnyConnect doesn't find the cert.

Do I have to install the cert manually on every machine, or is there another solution, meaning AnyConnect will search in another store?


I have tested the option CertificateStore - All, but it doesn't search in the right folder.


Don't know what to try next.


Please help me.


Thanks in Advance

&

Kind regards

Rafael

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame

AnyConnect can only check user certificates in the Personal certificate store (and machine certificates in the machine certificate store).


If the end user enrolls they should be placed in the correct store automatically. If your 3rd party provisioning tool is not putting them there then it needs to be resolved with that tool.

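The answer above comes down to one check: is the identity certificate sitting in a store AnyConnect actually reads (CurrentUser\My for user certs, LocalMachine\My for machine certs), or did the provisioning tool drop it into TrustedPeople? The following PowerShell script is an added example, not code from the thread, from Cisco, or from any provisioning tool. It audits the four stores for certificates issued by the ASA-hosted CA, flags whether a usable cert (in a Personal store, with a private key, not expired) exists, and with `-Fix` moves mis-placed user certs into Personal. The issuer pattern `CN=ASA-CA-PLACEHOLDER` is a placeholder, and the assumption that `X509Store.Add` carries the private-key link across stores is noted in the code; the long-term fix remains correcting the provisioning tool, as the answer says.

```powershell
# Added example (not from the original thread): audit which Windows certificate
# store the VPN identity cert lives in. AnyConnect only matches user certs in
# CurrentUser\My ("Personal") and machine certs in LocalMachine\My.
# ASSUMPTION: issuer CN of the ASA-hosted CA; replace with your own value.
param(
    [string]$IssuerPattern = 'CN=ASA-CA-PLACEHOLDER',
    [switch]$Fix   # move mis-placed user certs from TrustedPeople into Personal
)

# Stores AnyConnect searches, plus the one the provisioning tool used by mistake
$stores = @(
    'Cert:\CurrentUser\My',            # Personal (user certs)    - searched by AnyConnect
    'Cert:\LocalMachine\My',           # Personal (machine certs) - searched by AnyConnect
    'Cert:\CurrentUser\TrustedPeople', # NOT searched for identity certs
    'Cert:\LocalMachine\TrustedPeople' # NOT searched for identity certs
)

$found = foreach ($path in $stores) {
    Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
        Where-Object { $_.Issuer -like "*$IssuerPattern*" } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $path
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                HasPrivateKey = $_.HasPrivateKey
                NotAfter      = $_.NotAfter
                # Usable only if AnyConnect will look there AND it can sign with it
                Usable        = ($path -like '*\My') -and $_.HasPrivateKey -and ($_.NotAfter -gt (Get-Date))
            }
        }
}

$found | Format-Table -AutoSize

if (-not ($found | Where-Object Usable)) {
    Write-Warning "No usable identity cert in a Personal store; AnyConnect certificate matching will fail on this host."
}

if ($Fix) {
    # Only certs with a private key are worth moving; a public-only cert cannot authenticate.
    foreach ($c in $found | Where-Object { $_.Store -like '*TrustedPeople' -and $_.HasPrivateKey }) {
        $cert     = Get-Item "$($c.Store)\$($c.Thumbprint)"
        $location = $c.Store -replace '^Cert:\\([^\\]+)\\.*$', '$1'   # CurrentUser or LocalMachine
        $target   = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', $location)
        $target.Open('ReadWrite')
        # ASSUMPTION: Add() copies the certificate context including its key-container
        # link, so the private key stays associated. Verify HasPrivateKey afterwards.
        $target.Add($cert)
        $target.Close()
        # Remove the stray copy WITHOUT -DeleteKey: the Personal copy still uses that key.
        Remove-Item "$($c.Store)\$($c.Thumbprint)"
        Write-Host "Moved $($c.Thumbprint) from $($c.Store) to Cert:\$location\My"
    }
}
```

Run it without `-Fix` first to see the report; a line with `Store = Cert:\CurrentUser\TrustedPeople` and `Usable = False` reproduces the symptom in the question. The `-Fix` path is an interim workaround for machines already provisioned; rolling it out to roughly a thousand hosts is still easier via the management tool than by hand, and the tool's install target should be corrected so new machines land in Personal from the start.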

2 Replies


Ok, I thought that.

So I will check if we can change this.

I hope I don't have to install the certs manually, because there are roughly 1k machines. :(


Thanks for your help, I will keep you informed.


Best regards

Rafael