23 January, 2014

Cisco AnyConnect certificate-based authentication

To generate an authentication certificate for a user, follow these steps:

To generate a certificate request, open the "Certificates - Current User" certificate store (certmgr.msc or mmc.exe).
Right-click Personal and choose All Tasks - Advanced Operations - Create Custom Request.
Leave "Select Certificate Enrollment Policy" at its default and click Next.
Leave "Custom request" at its default and click Next.
Under "Certificate Information" click Details and then Properties.
Fill in the "Friendly name" under General.
Click the Subject menu, set the "Subject name" type to Common name and fill in the Value. When done, click Add.
Under the Extensions menu, expand "Extended Key Usage" and add Client Authentication.
Under the Private Key menu, choose the Key size as needed and any other preferred options.
Click OK and click Next.
Choose the filename of the request and click Finish.

Submit the request to your CA server and issue the certificate.
Install the certificate in your client certificate store.
Also install the CA server's certificate in your ASA's CA Certificates store and your client's Trusted Certificate Authorities store.


To generate an authentication certificate for a computer, follow these steps:

Follow the same steps as above. The certificate's "Extended Key Usage" has to be set to Client Authentication.
Or import an existing certificate with the private key attached.
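
The user and computer requests described above can also be scripted with the built-in certreq.exe instead of the MMC wizard. This is an added example, not part of the original post; the common name, friendly name, file names, the non-exportable key setting and the -Machine switch (which assumes the computer certificate belongs in the Local Computer store and that the script runs elevated) are assumptions.

```powershell
# Added example: build a PKCS#10 request with the Client Authentication EKU.
# All default values below are constructed placeholders.
param(
    [string]$CommonName   = 'jdoe',
    [string]$FriendlyName = 'AnyConnect VPN',
    [int]$KeyLength       = 2048,
    [switch]$Machine      # assumption: computer certificate -> machine key set
)

$machineKeySet = if ($Machine) { 'TRUE' } else { 'FALSE' }

# INF consumed by certreq; `$ keeps the literal $ signs in the signature line.
$inf = @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$CommonName"
FriendlyName = "$FriendlyName"
KeyLength = $KeyLength
Exportable = FALSE
MachineKeySet = $machineKeySet
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.2
"@

$infPath = Join-Path $PWD "$CommonName.inf"
$reqPath = Join-Path $PWD "$CommonName.req"
Set-Content -Path $infPath -Value $inf -Encoding ASCII

certreq.exe -new $infPath $reqPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Confirm the subject and EKU made it into the request before submitting it.
certutil.exe -dump $reqPath | Select-String 'CN=', '1.3.6.1.5.5.7.3.2'

# Run after the issued certificate is installed: lists certificates that have
# a private key attached and carry the Client Authentication EKU.
function Get-ClientAuthCert([switch]$Machine) {
    $store = if ($Machine) { 'Cert:\LocalMachine\My' } else { 'Cert:\CurrentUser\My' }
    Get-ChildItem $store | Where-Object {
        $_.HasPrivateKey -and
        $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.2'
    } | Select-Object Subject, Thumbprint, NotAfter
}
```

If Get-ClientAuthCert returns nothing after installation, the certificate was either installed without its private key or issued without the Client Authentication EKU.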
