Solucionado: SSL VPN Certificate Placement on Workstations

newtwork1 · ‎07-21-2011

If you are using certificate for dual factor authentication. What certificates: CA root, SSL Webpage (Identity) Cert, User Authentication Cert) and what desktop locations do you place them in, Machine or User account. Then under that account what folder do you place them in, Trusted Root, Intermediate Trusted Root, User folders?

Any chance you could supply a link to a Cisco doc would help.

Newt

Todd Pula · ‎07-21-2011

The doc below discusses SCEP enrollment with the AnyConnect client and provides some screenshots of the default certificate locations on a Microsoft client. Depending on your deployment requirements, you can influence which specific certificate store is accessed by configuring an AnyConnect XML profile.

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080b25dc1.shtml

Todd

Ver la solución en mensaje original publicado

Todd Pula · ‎07-21-2011

The doc below discusses SCEP enrollment with the AnyConnect client and provides some screenshots of the default certificate locations on a Microsoft client. Depending on your deployment requirements, you can influence which specific certificate store is accessed by configuring an AnyConnect XML profile.

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080b25dc1.shtml

Todd

newtwork1 · ‎08-15-2011

I've noticed in Win7 if you place the Users "Dual Factor" certificate under the user profile (not machine) and force the user to change their password (sometimes if they use CTrl+Alt+Del to change the password) the certificate stops working. If you change the password back to the orignial password the certificate begins to work again. These machines are not in a domain so I don't believe the problem is group policies.

Any thoughts???

newtwork1 · ‎08-25-2011

any thoughts?