When I try create and download certificates, or edit the CA settings, I get this
The URL you requested could not be found on this server.
This is when I am connected to the ICA management tool on 18265.
The ICA Management Tool is disabled by default. You can enable it on the CLI of your SmartCenter Server.
Example: cpca_client set_mgmt_tool on -no_ssl
Access the WebUI of your ICA Management Tool via : http://<ip-of-your-smartcenter>:18265
cpca_client [-d] set_mgmt_tool on|off [-p <ca_port>] [-no_ssl][-a|-u "administrator|user DN" ... ] * on starts the ICA Management Tool (on port 18265) * off stops the ICA Management Tool * -p specifies a different port to access the ICA Management Tool * -no_ssl starts the ICA Management Tool on http instead of https * -a "administrator DN"
cpca_client [-d] set_mgmt_tool on|off [-p <ca_port>] [-no_ssl][-a|-u "administrator|user DN" ... ]
* on starts the ICA Management Tool (on port 18265) * off stops the ICA Management Tool * -p specifies a different port to access the ICA Management Tool * -no_ssl starts the ICA Management Tool on http instead of https * -a "administrator DN"
If your issue remains, try to work on CLI only by using the following commands:
thanks for your reply.
it is enabled. I can connect to the tool, and get the same pages as you provided. Whenever I try download a certificate, it comes up the error above. A few other parts to the site display the same error too.
if I did it via clish, how would I download the cert? Or retrieve it?
In addition, I do have SSL enabled. Should I disable it as you said above?
That's what I suggested to try. May I ask what you are trying to do with the ICA Management Tool that SmartDashboard can't?
You would copy certs off your SmartCenter's CLI via scp of course.
You maybe able to help me here actually.
I am setting up the authentication for mobile remote access. I want all corporate machines, connection to the IPSEC VPN to have a personal certificate, and also RADIUS auth.
I know there is an option under multiple auth for cert+user and password.
I believe the 'personal certificate' part needs to be created by the internal CA, hence why I am trying to log into the ICA.
Am I doing this wrong? I want 1 generic certificate that I can generate and deploy via group policy to all corporate machines, so non-corporate machines can not connect, regardless if they can authenticate via RADIUS.
1) Would this work?
2) Is this the best way to do it?
Danny - your help is appreciated. I feel like I am running around in circles at the moment.
Typically you'd create personal certificates within SmartDashboard within the User Properties of your User Accounts.
Okay, I have a question for you then.
So, as above, we need a certificate for machines, not users. We may have multiple users over the year using the same corporate laptop. We need 1 certificate we can deploy across all corporate machines, so its locked and stored there, and deployed via group policy.
If I did it that way, through SmartDashboard, how could I create 1 generic one for machines, and not tie it to single users? We have over 4000 employees, and 3000 corporate laptops. Obviously it would be impossible deploy a certificate for every user, or every machine.
1 generic one would do the trick. Any clues?
Retrieving data ...