ca

The video shows you how to configure Cisco ISE 2.0 internal CA as a SCEP server for AnyConnect VPN client to obtain a certificate. We will go through basic configuration of ASA AnyConnect VPN to enable SCEP proxy. A test certificate request will be performed over VPN. Afterwards, we will configure the ASA to perform client certificate validity check using OCSP.

The video shows you how to configure Cisco ISE 2.0 internal CA as a SCEP server for AnyConnect VPN client to obtain a certificate. We will go through basic configuration of ASA AnyConnect VPN to enable SCEP proxy. A test certificate request will be performed over VPN. Afterwards, we will configure the ASA to perform client certificate validity check using OCSP.

The video walks you through steps to deploy user and computer digital certificates from Windows 2008 Certificate Authority (CA) server through auto-enrollment and Group Policy. This method allows you to automatically distribute certificates to your Windows users, which is very effective for a large scale security deployment that requires either or both user and machine authentication using client-based certificate such as EAP-TLS. This lab assumes you have existing Windows certificate server and Active Directory (AD) infrastructure.

The video presents you with various options to implement certificate Auto-Enrollment for network devices using SCEP. By default, a one-time challenge password needs to be generated and used per network device. This can be cumbersome and impractical in case the number of device is large. An alternative is to disable the use of challenge password entirely, but this could post security concern, although is potentially desirable in lab environment. An acceptable solution might be disabling auto-approval and have the CA admin approve certificate requests manually.