Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 6640 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remote Access SSL VPN with Windows CA User Certificates

sophosticated
HI,

I'm trying to accomplish the following using UTM110:
I want to set up a SSL VPN which uses the user certificates generated by the windoes server CA. Those are already on the client noteboks.
I am not sure which certificates have to be in the UTM to prevent the utm from generating user certificates but use the existing certificates.
I would be really happy if someone could point me to some ressources covering the steps.

Additionally I would like to ask for a simple deployment method.
I would prefer to make all settings to the VPN client via GPOs..

Thanks for any advice.

Let me know if you need further information...


This thread was automatically locked due to age.
Parents
  • 0
    I am unaware of a way to distribute the SSL VPN client with a GPO.  I would simply have the folks get the configuration via the User Portal and not worry about moving certs around.  That approach also trains them to be able to get the client and configuration for their tablets and portable phones.

    It is possible to use the existing certs.  First, you would need to upload the CA.  Then, in order to use the existing certs, you would need a PEM of each one and to upload them individually in WebAdmin.  After syncing the users to the UTM, you would need to edit each user definition to change the certificate to your existing cert.  Finally, it would be good housekeeping to delete the unused certificates, and that would help you ensure that each user had been changed successfully.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    I am unaware of a way to distribute the SSL VPN client with a GPO.  I would simply have the folks get the configuration via the User Portal and not worry about moving certs around.  That approach also trains them to be able to get the client and configuration for their tablets and portable phones.

    It is possible to use the existing certs.  First, you would need to upload the CA.  Then, in order to use the existing certs, you would need a PEM of each one and to upload them individually in WebAdmin.  After syncing the users to the UTM, you would need to edit each user definition to change the certificate to your existing cert.  Finally, it would be good housekeeping to delete the unused certificates, and that would help you ensure that each user had been changed successfully.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML