Hi all I am going to present two questions with it's solution. Please comment.
Question 1 ======== A router has been enrolled to an IOS CA server and the https secure server should use this certificate using ip http secure-truspoint command for it's self identity. Now from a PC, you are trying connect to the router using https with IE 6.0. The task is that, I should configure the PC, so that I am not prompted with a pop up for confirmation the cert is valid. For this I should do three things 1. Add the certificates hostname in the Hosts file and access the router using hostname that is in the identity cert. 2. Make sure the clock is set correct and certificate validity period is valid. 3. Install the certificate in the trusted root certificate authorities. First two, I have no issues. For the third one, I installed the router's identity certificate along in the Windows "Trusted root certificate authorities" and that completed the solution. Well the question is instead of installing the identity certificate, if I install the root certificate of the IOS CA server, the Windows should trust the idenity certificate presented, right? But that doesn't happen. Logically, that should also work. Question 2 ======== A router should be configured L3 IP NAC. The ACS should not use self signed certificate rather request a certificate from IOS CA server. Now NAC L3 IP uses PEAP and thus ACS will be presenting the identity certificate that it got from the IOS CA server to client for self identity during PEAP establishment. The question here, on the client PC for which posture validation is performed, should I install the identity certificate of CA server or IOS CA server root certificate or both in Windows "Trusted root certificate" authorities. Please the questions are related. Please provide your comments. With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
