Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
536
Views
0
Helpful
4
Replies

Type of cert needed for anyconnect ikeV2

Go to solution
mahesh18
Level 6
Level 6

‎06-05-2014 07:37 AM - edited ‎02-21-2020 07:40 PM

 

Hi Everyone,

 

I have created CSR for anyconnect IkeV2.

When i ask the cert vendor what should i ask them that which type of cert i needed for IkeV2?

 

We do not want users to use ssl like https://xyz.com and connect and download the client.

 

We want users machine pre installed with anyconnect and profile and connect using IkeV2.

 

Regards

Mahesh

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-05-2014 08:28 AM

Every certificate vendor has their own way of listing choices. Many include Cisco among their choices. i.e.:

http://www.instantssl.com/ssl-certificate-support/csr_generation/ssl-certificate-index.html

Generally speaking a standard server certificate suffices as we're not doing much fancy with it - just verifying identity. The CN in the CSR should match the FQDN in that case..

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mahesh18

‎06-05-2014 12:35 PM

Did you bind the new certificate to your outside interface?

Reference.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-05-2014 08:28 AM

Every certificate vendor has their own way of listing choices. Many include Cisco among their choices. i.e.:

http://www.instantssl.com/ssl-certificate-support/csr_generation/ssl-certificate-index.html

Generally speaking a standard server certificate suffices as we're not doing much fancy with it - just verifying identity. The CN in the CSR should match the FQDN in that case..

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Marvin Rhoads

‎06-05-2014 10:30 AM

 

Hi Marvin,

 

I got cert from Entrust.

it has 3 options server cert,root cert and chain cert.

i installed the server cert on the ASA and now  status of cert has changed from pending.

 

When i connect to anyconnect ikev2 it still gives me cert warning line non trusted cert.Do i need to do any config change in anyconnect ikev2?

Regards

Mahesh

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mahesh18

‎06-05-2014 12:35 PM

Did you bind the new certificate to your outside interface?

Reference.

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Marvin Rhoads

‎06-05-2014 12:58 PM

 

Hi Marvin,

 

I did that and now i do not see message saying that you are connecting to untrusted

certificate.

 

Many thanks

Mahesh

0 Helpful
Customers Also Viewed These Support Documents