10-20-2020 10:56 PM
Hello,
I have a pair of 1010 in HA managed by FMC. The version is 6.4.0.9.
I would like to set up RA VPN.
I do not know if the customer has a CA for the certificate.
Could I use a self-signed certificate from the FMC?
If I use this option I will have to manually install the certificate on the client, right?
Thanks and regards,
Konstantinos
10-20-2020 11:01 PM
10-20-2020 11:02 PM - edited 10-20-2020 11:03 PM
Hello @kostasthedelegate,
You can use a self-signed just fine for VPN as long as you allow the connection to "untrusted servers" in AnyConnect Client.
You will get a certificate warning whenever you connect.
When you put the self-signed cert into the trust store it should disappear, but it is not necessary.
Best regards,
Rick
10-21-2020 12:32 AM
While you can use self-signed or internal CA-signed certificates, it's strongly recommended to use a certificate issued from a trusted public CA. The only exception is for one-off lab use.