FirewallWizards
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [fw-wiz] Digital certificate on asa 7 without CA

from [Skip Carter] [Permanent Link][Original]
To: Firewall Wizards Security Mailing List <firewall-wizards@listserv.cybertrust.com>
Subject: Re: [fw-wiz] Digital certificate on asa 7 without CA
From: Skip Carter <skip@taygeta.com>
Date: Thu, 14 Jun 2007 12:05:52 -0700
Delivered-to: sp-com-lists@consult.net
Delivered-to: fwwizards-list2@consult.net
Delivered-to: firewall-wizards@listserv.cybertrust.com
In-reply-to: <5336CE5F5C88EC4384BF375B40A8EC1E5EA913@w2k-meu-exc.Exchange.d-fi.fr>
List-archive: <https://listserv.icsalabs.com/pipermail/firewall-wizards>
List-help: <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=help>
List-id: Firewall Wizards Security Mailing List <firewall-wizards.listserv.icsalabs.com>
List-post: <mailto:firewall-wizards@listserv.icsalabs.com>
List-subscribe: <https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=subscribe>
List-unsubscribe: <https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=unsubscribe>
Organization: Taygeta Scientific Inc
References: <5336CE5F5C88EC4384BF375B40A8EC1E5EA913@w2k-meu-exc.Exchange.d-fi.fr>
Reply-to: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Sender: firewall-wizards-bounces@listserv.icsalabs.com 
If I understand your plan, you will be using self-signed certificates
for authentication.  If so, I'd suggest you create a private CA (there are
scripts that come with openssl for this) instead.  Using self-signed
certificates is not secure because they can be readily counterfieted.



On Wed, 13 Jun 2007 08:12:18 +0200
"Youssef AGHARMINE" <YAG@d-fi.fr> wrote:

> Hi All,
> 
>  
> 
> Does someone succeed to Get a VPN working between a Cisco client VPN and
> and ASA with certificate.
> 
> I intended to generate my certificate with  openssl (on linux machine )
> and then to import certificate on the asa and also on client.
> 
> My goal is to avoir pre-shared key by certificate, but I don't to have
> to enroll my certificate automatically.



-- 
 Dr. Everett (Skip) Carter           Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Network Security Services   email: skip@taygeta.net
 1340 Munras Ave., Suite 314         WWW: http://www.taygeta.net/
 Monterey, CA. 93940            









_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [fw-wiz] Digital certificate on asa 7 without CA, Youssef AGHARMINE
Next by Date:  Re: [fw-wiz] Odd Cisco ASA question. . ., Jason Gervia
Previous by Thread:  [fw-wiz] Digital certificate on asa 7 without CA, Youssef AGHARMINE
Next by Thread:  [fw-wiz] CyberGuard TSP packet filter, Graeme Neilson
Indexes:  [Date] [Thread] [Top] [All Lists]