cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
MattDunn
Copper

SSL VPN Certificates

I have a question re SSL VPN certificates - using 3rd party certificates.

My understanding is that if you use SNX you generate the CSR via the IPSec VPN page, get the valid cert, then "complete" the cert via the IPsec VPN page.  This certificate has no bearing on Mobile Access.

If you enable Mobile Access, you generate the CSR via the command line, get the cert, then import it via the Platform Portal page.  So this is a different cert to what SNX would use.

My customer currently uses SNX (not MAB) and has a certificate for that, with 200 clients connecting using the VPN client.  That's working well.  But now they're interested in Mobile Access which would require purchasing another certificate.  

Will enabling MAB and installing a new certificate cause the existing VPN clients to moan?

Will the new MAB certificate override what the existing VPN clients see when connecting (and cause a certificate mis-match type error message to pop up for the users)?

Is there a way to use the same certificate for both the IPSec and Platform Portal tabs?

 

 

4 Replies
Wolfgang
Silver

Re: SSL VPN Certificates

You can use the same certificate. Import your existing certificate to the MOB-configuration via SmartConsole.

If the SNs in the certificate will match again the MOB-Portal DNS-name everything should fine.

And yes you're right, if you enable MOB you get the certificate from the MOB-Portal.

What did you mean with VPN-clients ? SNX is clientless SSL VPN, only the small ssl-extender agent is installed, not a real VPN client.

Wolfgang

0 Kudos
Jerry
Gold

Re: SSL VPN Certificates

IPSec does not use SSL Certificate
MAB uses either SSL Cert or IPSec host-based-cert.
I think you need to learn a little about the MAB and Remote Access security from CP ...

seach support site for sk's about MAB.
Jerry
0 Kudos
Wolfgang
Silver

Re: SSL VPN Certificates

Hello Jerry,

you're right with your answer, 

But as I understand Matt, he is already using SNX (SSL extender) and for this an SSL certificate is in use.

And this same certificate can be used to import in the MAB. You can use there the one created from SmrtCenters CA or from a Third Party.

Wolfgang

0 Kudos
Jerry
Gold

Re: SSL VPN Certificates

0 Kudos