Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
713
Views
0
Helpful
1
Replies

Self-Signed Certificate for Remote Access VPN CLIENT

Go to solution
masif.rao
Level 1
Level 1

‎08-09-2012 01:05 AM - edited ‎02-21-2020 06:15 PM

Hi Folks,

I'm trying to achieve two factor authentication, first with radius & 2nd with self signed certificate. Though I have generated self signed certificate & trying to import that certificate but error 39 occuring. Only hindrance authenticating with certificate. I have seen some documents for setting separate certifcate (CA) servers & then to import into clients but i m curious to know about either self generated certificate can be used to authenticate remote access client.

Further ASA is in failover mode so Local CA server is not supported. Is there any way to support local CA.

Thanks,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎08-09-2012 02:26 AM

Are you talking about using self-signed certificates on the client? I assume that this won't work. At least it is in no way scalable. You should use an internal CA for that task. As the local CA can't be used with failover, you can take a Windows Server 2k3 or 2k8. Another option is to use an IOS-router as a CA-server. But what about taking something else as a second factor? I'm a big fan of the usage of smartphones with the www.duosecurity.com service.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Karsten Iwen
VIP
VIP

‎08-09-2012 02:26 AM

Are you talking about using self-signed certificates on the client? I assume that this won't work. At least it is in no way scalable. You should use an internal CA for that task. As the local CA can't be used with failover, you can take a Windows Server 2k3 or 2k8. Another option is to use an IOS-router as a CA-server. But what about taking something else as a second factor? I'm a big fan of the usage of smartphones with the www.duosecurity.com service.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful
Customers Also Viewed These Support Documents