Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Root Certificate, Client Certificate

Posted on 2013-12-17
6
Medium Priority
?
582 Views
Last Modified: 2014-01-16
Hi Experts,

Trying to create SSL root certificate and client certificate for authentication.
Can you please send me the steps, your help will greatly help to solve the problems.
I have already tried the steps, but it did not work successfully.
Not sure what i am missing.
Root certificate will be installed in VPN appliance.
Client certificates will be installed in Laptops for those who want to connect VPN. (Not member of Domain)

Regards,
Skumar
0
Comment
Question by:Skumar_CCSA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 38

Expert Comment

by:Mahesh
ID: 39725844
Some more information is required
What steps you have tried ?
Which VPN device you are using ?
You can have windows based Standalone CA server who can provide certificates to your VPN appliance and clients as well

Mahesh
0
 

Author Comment

by:Skumar_CCSA
ID: 39725862
HI Mahesh...

Appreciated your quick response.
F5 BIG-IP VPN Appliance.
Standalone CA server...provide Certificate to VPN Appliance (Root) and clients as well.
I have installed Certificate Authority services in standalone server..created Root Certificate.
Client certificate through IIS page, create request and choose client certificate and selected the Alg-sha1(Microsoft RSA) value.

Regards,
Skumar.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39726054
Have you tried to generate CSR from F5 ?
http://www.digicert.com/csr-creation-f5-big-ip.htm
If CSR is generated, are you also able to generate certificate through Windows Certification Authority ?
In order to generate certificate through windows based CA, you need to open up windows CA through web interface. For ex: http://mycaserver/certsrv
For CA web interface, you must install CA web enrollment component on CA server as well.
If you have generated certificate successfully, are you able to import in F5 device ?

What exact problem you are facing please ?

Mahesh
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:Skumar_CCSA
ID: 39727558
Hi Mahesh,

I have checked these option, but unfortunate this will not help.

I want to setup standalone CA for certificates.
Root Certificate will be placed in BIG-IP for client certificate sign and verification.
Client certificates will be created from the same standalone CA server, manually it be installed on the laptops those are not part of domain and who likely working from outside office. ( Assume they are clients and outside domain laptops).

I have installed Standalone CA.
Created Root Certificates and copied the same and placed in BIG-IP.
Created client certificate from the standalone CA server, installed on the laptop and i can see that installed client certificate located in Personal Certificates.
Assumed it will work, but it did not and looking for help.
Please help.....
Regards,
Skumar.
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 1500 total points
ID: 39728385
Only creating root certificate will not help

Have you found any CSR generation wizard as per my earlier comment in F5?

You need to generate CSR from f5, submit that request to standalone CA, CA server will generate certificate with private key and that cert with private key need to be imported on F5

Hopefully then it should work

Mahesh
0
 

Author Closing Comment

by:Skumar_CCSA
ID: 39787511
thanks mahesh.,
problem solved after following various links..
however your sugg gr8ly helped to fix.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question