Cisco 5505 Administration Guide - Page 25
Chapter 2 Common AnyConnect VPN Client Installation and Configuration Procedures
Before You Install the AnyConnect Client

Step 9   Click OK to close the Certificate window.
Step 10  Click Yes to close the Security Alert window. The security appliance window opens, signifying the certificate is trusted.

In Response to a Netscape, Mozilla, or Firefox "Certified by an Unknown Authority" Window

The following procedure explains how to install a self-signed certificate as a trusted root certificate on a client in response to a "Web Site Certified by an Unknown Authority" window. This window opens when you establish a Netscape, Mozilla, or Firefox connection to a security appliance that is not recognized as a trusted site. This window shows the following text:

Unable to verify the identity of as a trusted site.

Install the certificate as a trusted root certificate as follows:

Step 1   Click the Examine Certificate button in the "Web Site Certified by an Unknown Authority" window. The Certificate Viewer window opens.
Step 2   Click the "Accept this certificate permanently" option.
Step 3   Click OK. The security appliance window opens, signifying the certificate is trusted.

Replacing a Digital Certificate with a Trusted Certificate

A trusted Certificate is the most secure option. You can replace the central-site security appliance digital certificate with a trusted certificate by following the procedures in this section. By default, the security appliance has a self-signed Certificate that is regenerated every time the device is rebooted.

You can purchase a Certificate from a CA provider like Verisign or Entrust with the name matching the Fully-Qualified Domain Name (FQDN) of your central-site security appliance (for example, vpn.yoursys.com), or you can have the security appliance issue a permanent Certificate for itself by entering the following commands, replacing x.x.x.x with the IP of your security appliance outside or public address:

    crypto ca trustpoint self
    enrollment self
    subject-name CN=x.x.x.x,CN=vpn.yoursys.com
    crl configure
    crypto ca enroll self
    ssl trust-point self outside
    write

When users first connect using AnyConnect, they should click "View Certificate", install this new certificate, then click "Yes" to proceed. The next time they re-connect, they do not see the security alert popup, even if the security appliance is rebooted.

OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 2-7