Hi;
I've integrated FTD 6.2.2 with ISE 2.2 using pxGrid and required certificates. What I don't understand and cannot find on the Internet is Certificate Enrollment on FTD. Actually I'm studying remote access VPNs on FTD and want to deploy a scenario like bellow:
- Remote clients should be authenticated with both of certificates (supposing they don't have any cert installed on their devices, yet) and AD username/password to be sure they are connecting to corporate network using their legitimate devices.
- Remote clients should be authorized based on the AD settings.
Does certificate enrollment on FTD mean generating a CSR to get a node certificate from internal CA and then trying to authenticate remote users based on that certificate on behalf of root CA? Does it like the procedure we do on ISE (importing CA root certificate on ISE trusted root CA database and then generating a CSR to get a node certificate for ISE device itself)?
If the answer to the question above was positive, then why we don't use the "openssl" tool or "Object Management > PKI > Internal Certs" to generate a CSR and import received certs to FTD database?While integrating FTD with ISE I used "openssl" command to generate a CSR on FTD.
I'm really confused and appreciate any help on this.
No comments:
Post a Comment