Generating and Installing Certificates on the Cisco VPN 5000 Series Concentrator

Available Languages

Download Options

  • PDF     (75.9 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (85.8 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (72.9 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:May 2, 2008
Document ID:4180

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document includes step-by-step instructions on how to generate certificates on the Cisco VPN 5000 Series Concentrators and on how to install certificates on the VPN 5000 Clients.

    Prerequisites

    Requirements

    There are no specific requirements for this document.

    Components Used

    The information in this document is based on these software and hardware versions:

    • Cisco VPN 5000 Concentrator software version 5.2.16US

    • Cisco VPN Client 5.0.12

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

    Conventions

    For more information on document conventions, refer to the Cisco Technical Tips Conventions.

    VPN 5000 Concentrator Certificates for VPN Clients

    Complete these steps.

    1. If you do not have a time server, you must set the date and time using the sys clock command.

      RTP-5008# sys clock 12/14/00 12:15

      To verify that the date and time have been set properly, run the sys date command.

    2. Enable the certificate generator feature of the VPN Concentrator.

      RTP-5008# configure certificates

[ Certificates ]# certificategenerator=on

*[ Certificates ]# validityperiod=365

    3. Create the root certificate.

      *RTP-5008# certificate generate root 512 locality rtp state nc 
country us organization "cisco" commonname "cisco" days 365

    4. Create the server certificate.

      *RTP-5008# certificate generate server 512 locality rtp state nc 
country us organization "cisco" commonname "cisco" days 365

    5. Verify the certificate.

      *RTP-5008# certificate verify

    6. Display the certificate in Privacy Enhanced Mail (PEM) format, and then copy the certificate to a text editor for exportation to the client. Make sure to include the begin line, the end line, and the carriage return after the end line.

      *RTP-5008# show certificate pem root

-----BEGIN PKCS7-----

MIAGCSqGSIb3DQEHAqCAMIIBmAIBATEAMIAGAQAAAKCCAYYwggGCMIIBLKADAgEC

AgRAP0AJMA0GCSqGSIb3DQEBBAUAMEgxDDAKBgNVBAcTA3J0cDELMAkGA1UECBMC

bmMxCzAJBgNVBAYTAnVzMQ4wDAYDVQQKEwVjaXNjbzEOMAwGA1UEAxMFY2lzY28o

HhcNMDAwNzE0MDYzOTIzWhcNMDEwNzE0MDYzOTIzWjBIMQwwCgYDVQQHEwNydHAx

CzAJBgNVBAgTAm5jMQswCQYDVQQGEwJ1czEOMAwGA1UEChMFY2lzY28xDjAMBgNV

BAMTBWNpc2NvMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAML/buEqz3PnWQ5M6Seq

gE9uf7sZNUbHKZCp+GP9EpRkFuaYCD9vYZ3+MRTphiY55tDRmxTEglvK6l8sYIKd

XDcCAwEAATANBgkqhkiG9w0BAQQFAANBABuRHckNTXEAXSwyj7c5bEnAMCvI4Whd

ZRzVST5/QVRPjcaLXb0QJP47CzNecONfmM0bZ3n2nxBnbNDimJQbCgwxAAAAAAA=

-----END PKCS7-----

    7. Open the VPN Client to configure it for certificate authentication.

    8. On the VPN Client's Configuration tab, select Add.

    9. Select Certificate for the Login Method, and then enter the login name and the primary VPN server address (or fully qualified domain name). Add a secondary VPN server entry if necessary.

    10. Select OK to close the Login Properties window.

    11. Go to Certificates > Import, browse to the location where the certificate is located, and select the certificate file.

    12. With the certificate listed in the Root Certificates field, click the Configuration tab of the VPN Client.

    13. Select the Connect button to initiate a VPN connection.

    Related Information

    Contributed by

    • chbanks
      ddunlap

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products