Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Generating IPSec CA Certificates

Status
Not open for further replies.
Mankyway

Mankyway

Technical User
Dec 20, 2002
51
CL
Hello everybody

I need to start using CA Certificates on my Cisco 3000 Concentrator as a client equipment cannot authenticate using group authentication.
Up to now I have only used pre shared keys so I am totally unfamiliar with certificates although I have read up on them and understand the concept etc.
I apparently need a CA(ROOT) Certificate to validate anything that comes after,
My questions are: Can this be generated by me? or do I need to enrol in Entrust, Verisign etc, and how? (to both)
Is there cost(approx how much?) involved in commercially gained CA's?

Any information would be extremely helpful to me at this time

Many Thanks
 
Sort by date Sort by votes
Do you have an internal CA? If so, is it Microsoft? If so, you need to add the MSCEP extension to the CA so you can issue SCEP certificate to the router/concentrator.

- Brandon Wilson
MCSE:Security00/03; MCSA:Security03
MCSA:Messaging00; MCP; A+
IT Pangaea (
 
Upvote 0 Downvote
I Guess the answer is no!, we do not have an internal CA. The IT guys have looked at Certificate Authority on their workstations which tells them it is not an installed service.
Is there a way I can bootleg one as it is for one VPN Group only?
 
Upvote 0 Downvote
lol

then your IT guys are idiots.....if they are truly looking at workstations for evidence of a CA...be scared, be very scared....

Yea, first things first though...there is no such thing as an "IPSec CA" certificate...there are CA certs, and there are IPSec certs..hell there are even CAs that can only issue IPSec certs...but they are not one and the same :)


Basically, cert svcs is free...so all you need is a server to run it on really. Afterwards, its located in add/remove programs|add/remove windows components
it does require IIS and asp.net also be installed (which can also be found in add/remove windows components)

If you dont have experience with CAs though, you are unlikely to get this to work the first time around...and based on what you said about your "IT guys", I doubt they know either....



- Brandon Wilson
MCSE:Security00/03; MCSA:Security03
MCSA:Messaging00; MCP; A+
IT Pangaea (
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

eleafpod
  • Locked
  • Question
ISO the best security camera monitoring system
Replies
2
Views
925
Pigasque
Pigasque
raist3001
  • Locked
  • Question
Creating an IPSEC VPN tunnel between 2 DLINK DSR-250 help
Replies
0
Views
114
raist3001
raist3001
thopee133
  • Locked
  • Question
received ipsec delete request
Replies
2
Views
274
thopee133
thopee133
KarstenJHilton
  • Locked
  • Question
Cisco RVS4000 IPSec VPN Setup
Replies
0
Views
72
KarstenJHilton
KarstenJHilton
hummer3331973
  • Locked
  • Question
What ACL to put on my IPSec L2L VPN to block non VPN traffic
Replies
0
Views
49
hummer3331973
hummer3331973

Part and Inventory Search

Sponsor

Back
Top