I have done it once. You can use a certificate from the IOS CA server for SSLVPN.
The ASA should also be enrolled to that CA server.

With regards
Kings

On Thu, Apr 26, 2012 at 8:24 PM, Ben Shaw <[email protected]> wrote:

> OK thanks,
>
> Does anyone know if the method by which a certificate is requested affects
> the operation/functionality of the certificate that is received back?
>
> If the IOS CA supports any clients as long as they use SCEP then I can
> only think of using the Cisco IPSec client in Windows to enrol with the IOS
> CA to obtain a certificate as it supports SCP or manual CSR file creation
> which can be manually imported into the CA. I am not sure however if the
> certificate I receive back which was requested using an IPSec client will
> then be suitable to use for authentication of an SSL VPN session.
>
> As mentioned I had issues before when I created the request in the IPSec
> client but tried to use the certificate with SSL. Obtaining a new
> certificate from an MS CA using the http://*server_name*/certsrv website
> on the MS CA provided me with a certificate that I was able to use for SSL
> VPN authentication successfully.
>
> If there is a limitation on the use of certificates requested in a certain
> way and the only way to obtain a client from an IOS CA is via SCEP (with
> IPSec client) then I am wondering how we can do certificate based SSL VPN
> authentication in the lab if we are using an IOS CA for PKI.
>
> Any thoughts?
>
>
>
>
> On Thu, Apr 26, 2012 at 10:29 PM, waleed ' <[email protected]> wrote:
>
>> IOS CA uses the SCEP protocol. If the client supports this protocol for
>> enrollment, I think you can use it for non-Cisco devices.
>>
>>
>> ------------------------------
>> Date: Thu, 26 Apr 2012 15:11:39 +1000
>> From: [email protected]
>> To: [email protected]
>> Subject: Re: [OSL | CCIE_Security] Does the IOS CA Server have a web
>> interface for certificate creation
>>
>>
>> Thanks Mike and good point Adil,
>>
>> maybe you are right. My memory seems to recall that it may only be usable
>> for routers. Can anyone else confirm this?
>>
>> I was under the impression it is an IOS CA that we have been told we will
>> need to use in the lab exam as opposed to an MS CA. This would be a rather
>> large limitation for this CA if we were expected to use it to create
>> certificates for remote access VPN.
>>
>> Ben
>>
>>
>>
>>
>> On Thu, Apr 26, 2012 at 9:33 AM, Adil Pasha <[email protected]> wrote:
>>
>> Can IOS CA server be used for non-Cisco devices such as desktops?
>>
>>
>> Best Regards.
>> ______________________
>> Adil S Pasha
>>
>>
>> On Apr 25, 2012, at 2:45 PM, Mike Rojas wrote:
>>
>> Ben,
>>
>> Besides the GUI from the IDM, you are not going to be allowed to use any
>> (for exam purposes), but with regard to the "real life scenario" I have
>> not seen any.
>>
>> Mike
>>
>> ------------------------------
>> Date: Thu, 26 Apr 2012 01:42:30 +1000
>> From: [email protected]
>> To: [email protected]
>> Subject: [OSL | CCIE_Security] Does the IOS CA Server have a web
>> interface for certificate creation
>>
>> Hi All
>>
>> one of the things I like about the ASA CA server is that it has a web
>> interface to be able to create certificate signing requests for client
>> computers. There is also the ability to add these requests via the CLI with
>> the 'user-db' function.
>>
>> Considering I believe it will be an IOS CA we will be asked to create in the
>> lab exam and not a CA on an ASA, I have been looking to see if the IOS CA has
>> the same feature in v12.4 so that a client computer can enrol with the CA
>> and receive a certificate without needing to install the Cisco VPN Client
>> to create the CSR or use some other convoluted method such as via IIS.
>>
>> Can anyone tell me if there is such a feature within the IOS CA that
>> allows certificates to be created for client computers via the CLI like
>> there is in the ASA CA?
>>
>> Thanks
>> Ben
>>
>> _______________________________________________ For more information
>> regarding industry leading CCIE Lab training, please visit
>> www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com