Recently I posted about IOS CA. Taking this further, I enrolled one of my routers to one sub CA and the other router to another sub CA. Is that even possible at all? The certificates share a common chain...
They share a common CA, but have a different OU field.
Server:
----------------------------------
ez-server#sh cry ca cert
Certificate
Issuer:
cn=SUBCA1.cisco.com
ou=LAB
Subject:
Name: ez-server.cisco.com
CA Certificate
Issuer:
cn=CA.cisco.com
ou=LAB
Subject:
cn=SUBCA1.cisco.com
ou=LAB
----------------------------------
Client cert:
------------------------------
ez-client#sh cry pki cert
Certificate
Issuer:
cn=SUBCA2.cisco.com
ou=LAB1
Subject:
Name: ez-client.cisco.com
CA Certificate
Issuer:
cn=CA.cisco.com
ou=LAB
Subject:
cn=SUBCA2.cisco.com
ou=LAB1
------------------------------
Already wrong? Damn...
http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_easy_vpn_rsa.html#wp1056030
"The content of the first Organizational Unit (OU) field will be used as the group."
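To check which OU a router's certificate actually carries, the following added example (not part of the original post) parses `sh cry pki cert` output in the flattened form pasted above and returns the first OU of the identity certificate's subject. It assumes the OU the Cisco guide refers to is the one in the subject of the router's own certificate; the function names are hypothetical.

```python
import re

# Sample input: the ez-client output exactly as pasted in the post above.
CLIENT = """\
Certificate
Issuer:
cn=SUBCA2.cisco.com
ou=LAB1
Subject:
Name: ez-client.cisco.com
CA Certificate
Issuer:
cn=CA.cisco.com
ou=LAB
Subject:
cn=SUBCA2.cisco.com
ou=LAB1
"""

def parse_certs(text):
    """Split the show output into certificate blocks with issuer/subject RDN lists."""
    certs, section = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line in ("Certificate", "CA Certificate"):
            certs.append({"kind": line, "issuer": [], "subject": []})
            section = None
        elif line in ("Issuer:", "Subject:"):
            section = line[:-1].lower()
        elif line.endswith(":"):
            section = None  # some other block, e.g. validity dates
        elif certs and section:
            m = re.fullmatch(r"(\w+)=(.+)", line)  # "Name: ..." lines are skipped
            if m:
                certs[-1][section].append((m.group(1).lower(), m.group(2)))
    return certs

def first_ou(rdns):
    return next((v for k, v in rdns if k == "ou"), None)  # None when no OU present

def group_from_identity_cert(text):
    """First subject OU of the router's own certificate (assumed group source)."""
    for cert in parse_certs(text):
        if cert["kind"] == "Certificate":
            return first_ou(cert["subject"])
    return None

if __name__ == "__main__":
    print("subject OU (group):", group_from_identity_cert(CLIENT))
    print("issuer OU:", first_ou(parse_certs(CLIENT)[0]["issuer"]))
```

On the client output above, the only OU values sit in the issuer and sub CA entries; the identity certificate's subject shows just a Name line, so no subject OU is found.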