Hi Kings,

Did you test client-based certificate authentication, or server certificate verification?
The latter the ASA can do, as the ASA can have a DNS server configured, so it can verify the subject of the certificate against the hostname you're trying to connect to. (The most common usage is that the client only validates that it is connecting to the specified hostname and that the certificate belonging to that hostname is valid.)

About the client-based certificate, it could be that the ASA is using its certificate (if it's also from the same domain CA) for client authentication and not the certificate of your browser. You don't see that much client-based certificate authentication (WAAS Central Manager and MS BITS use it), but for browsers with end users, I haven't come across it that often.

HTH

PJ

On 30 sep 2010, at 16:09, Kingsley Charles wrote:

Hi all

When you access any site using HTTPS in the webvpn portal, the remote user is never prompted with the certificate. The ASA does the certificate validation.
How does the ASA do the cert validation? It doesn't have the certificate in its database, so how come it is validating the cert?



With regards
Kings
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com

---

Nefkens Advies

Enk 26

4214 DD Vuren

The Netherlands


Tel: +31 183 634730

Fax: +31 183 690113

Cell: +31 654 323221

Email: [email protected]

Web: http://www.nefkensadvies.nl/
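
The subject-versus-hostname check mentioned in the reply above, sketched as an added example; it is not part of either message and is not Cisco's ASA code. It assumes certificates in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`, uses constructed sample certificates and hostnames, and leaves out chain and validity-period checks.

```python
# Added illustration; certificate dicts below are constructed samples in the
# shape returned by ssl.SSLSocket.getpeercert().

def name_matches(pattern, host):
    """Compare one DNS name from a certificate with the requested hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or p[1:] != h[1:]:
        return False              # a wildcard never covers more than one label
    if p[0] == "*":
        # Conservative choice: wildcard must be the whole left-most label and
        # sit at least two labels deep, so "*.test" is never accepted.
        return len(p) >= 3 and h[0] != ""
    return p[0] == h[0]

def names_in_cert(cert):
    """DNS subjectAltName entries win; the subject CN is only a fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def verify_backend(cert, requested_host):
    """Return (ok, reason) for the host the portal user asked for."""
    names = names_in_cert(cert)
    if any(name_matches(n, requested_host) for n in names):
        return True, "match"
    shown = ", ".join(names) or "<no DNS names>"
    return False, "certificate names [%s] do not cover %s" % (shown, requested_host)

# Constructed sample certificates (hypothetical hosts under .test).
INTRANET = {"subject": ((("commonName", "intranet.example.test"),),),
            "subjectAltName": (("DNS", "intranet.example.test"),
                               ("DNS", "*.apps.example.test"))}
LEGACY = {"subject": ((("commonName", "mail.example.test"),),)}
MIXED = {"subject": ((("commonName", "portal.example.test"),),),
         "subjectAltName": (("DNS", "other.example.test"),)}

if __name__ == "__main__":
    for cert, host in [(INTRANET, "wiki.apps.example.test"),
                       (INTRANET, "a.b.apps.example.test"),
                       (MIXED, "portal.example.test")]:
        print(host, verify_backend(cert, host))
```

A device that validates on the user's behalf, as described in the thread, has to apply this check to the hostname the user requested through the portal, because the browser never sees the backend certificate.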