Types of cert required for vpn

S891 · ‎02-27-2023

What should be the certs installed or included for ssl vpn. I typically see identity cert getting renewed every year ( before it used to have 3 yrs validity), but along with it, should I update the intermediate and root cert as well every time?

What is cert chain? Is it both intermediate and root together? If I see that these two are valid for many years to come can I just renew the identity cert and not worry about chain?

balaji.bandi · ‎02-27-2023

Most PKI environment the root CA will be valid for long time, intermediate and SAN will be updated every year or 3 years depends on setup.

What is cert chain? Is it both intermediate and root together? If I see that these two are valid for many years to come can I just renew the identity cert and not worry about chain?

https://knowledge.digicert.com/solution/SO16297.html#:~:text=What%20is%20a%20Certificate%20Chain,and%20all%20CA's%20are%20trustworthy.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sheraz.Salim · ‎02-28-2023

Correct the certificate are now for 1 year life time. This is where it put me in extra pre-work every year and keep track on the cert when its going to expire

for public certificate (I assume this is what you talking about) they are as said by you 1 year life time. when you generate the CSR for your certificate identity require and give this CSR to public CA they will generate/signed the cert (giving you the identity cert) with that they will give you the sub-ca and ca. normally the ca and sub-ca life windows is more than 5 or 10 year.

What is cert chain? Is it both intermediate and root together?

certchain include your Identity cert with sub-ca and ca

If I see that these two are valid for many years to come can I just renew the identity cert and not worry about chain?

correct

Example: I just check go daddy CA life time dates are as below

Valid From :

07:00:00 UTC May 03 2011
Valid To :

07:00:00 UTC May 03 2031

please do not forget to rate.