Howto: Issue certificate for a Cisco VPN client

Giganews Newsgroups
Subject: Howto: Issue certificate for a Cisco VPN client
Posted by:  Jim Kelly (Jim Kel…
Date: Mon, 15 Jun 2009

I have looked around and did not find anything to help me on this so maybe
someone here can help.  I have a Cisco ASA as a VPN endpoint for a Remote
Access VPN.  I want to use certificates to connect to the VPN.  I have this
set up to work, but issuing the certs is a bit of a pain for end users;
currently they have to fill out a cert enrolment request from the VPN client,
including the VPN tunnel name, which I have obfuscated, so it is not that
easy to remember.

What I would like to do is have them go to the cert server (web page) and
request a corp-vpn certificate.  They can do this currently with EFS and User
certificates.  However, the VPN certificate needs to have the VPN tunnel name
in the OU field.  How do I create a certificate template so that they just
have to log in to certsvr and select corp-vpn, and be issued a certificate
with a pre-specified OU (which I will put in), then just import it into the
VPN client?

Thanks in advance.