AnyConnect SSL Certificate Import

SOLVED
KRobert
Head in the Cloud

I know this was a feature early on, but is Meraki planning to set up the AnyConnect Client VPN configuration so that we can import our own SSL certificate to login to the server? Or change the hostname to a custom hostname?

CMNO, CCNA R+S
1 ACCEPTED SOLUTION

PhilipDAth
Kind of a big deal

Re: AnyConnect SSL Certificate Import

You can use my online profile editor to create profiles that "hide" the actual DNS name as @KarstenI says.

https://www.ifm.net.nz/cookbooks/online-anyconnect-profile-editor.html

The problem with allowing custom certificates is it will create a lot of support tickets. They are not "Meraki Simple".

And anyone skilled enough to create and deploy a custom certificate should be able to create and deploy a custom profile.

3 REPLIES 3
KarstenI
Head in the Cloud

Re: AnyConnect SSL Certificate Import

I don’t know anything about the roadmap, but for the host name, I would deploy AnyConnect profiles which “hide” the name from the client. Not the same, but perhaps the way to go. This should also be a better solution to not break the failover to the secondary ISP in case of failure of the primary ISP.


KRobert
Head in the Cloud

Re: AnyConnect SSL Certificate Import

Thanks @PhilipDAth. I started down the profile path at one point and have visited your site before. Simple and really helpful. I knew that Meraki had pointed it out in their documentation before, but wasn't sure where until today.

https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance/Client_deployment

"An AnyConnect profile is a crucial piece for ensuring easy configuration of the AnyConnect client software, once installed. The MX does not support the use of custom hostnames for certificates (e.g. vpn.xyz.com). The MX only supports use of the Meraki DDNS hostname for auto-enrollment and use on the MX. With the Meraki DDNS hostname (e.g. mx450-xyuhsygsvge.dynamic-m.com) not as simple as a custom hostname, the need for AnyConnect profiles cannot be overemphasized. Profiles can be used to create hostname aliases, thereby masking the Meraki DDNS with a friendly name for the end user."

I used your profile creator and it worked perfectly. Thanks for your help on this!

CMNO, CCNA R+S
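
The hostname alias discussed in this thread, as an added example that is not from any poster or from Meraki: it builds a minimal AnyConnect profile and audits which address each alias really connects to, since the certificate is still issued for the Meraki DDNS name. The function names, the alias "Corporate VPN" and the `.dynamic-m.com` suffix check (taken from the documentation quote above) are assumptions; a deployed profile carries more settings than this.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.xmlsoap.org/encoding/"  # namespace of AnyConnect profile XML
DDNS_SUFFIX = ".dynamic-m.com"               # assumption: suffix from the quoted example


def _tag(name):
    return f"{{{NS}}}{name}"


def build_profile(entries):
    """Build a minimal profile from (alias, address) pairs; address may be None."""
    ET.register_namespace("", NS)
    root = ET.Element(_tag("AnyConnectProfile"))
    server_list = ET.SubElement(root, _tag("ServerList"))
    for alias, address in entries:
        host = ET.SubElement(server_list, _tag("HostEntry"))
        # HostName is the label the user sees in the client's drop-down.
        ET.SubElement(host, _tag("HostName")).text = alias
        if address:
            # HostAddress is where the client actually connects.
            ET.SubElement(host, _tag("HostAddress")).text = address
    body = ET.tostring(root, encoding="unicode")
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + body


def audit_profile(xml_text):
    """Return (alias, effective_address, is_meraki_ddns) for each HostEntry."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    results = []
    for host in root.iter(_tag("HostEntry")):
        alias = (host.findtext(_tag("HostName")) or "").strip()
        # Without a HostAddress the client connects to HostName itself.
        address = (host.findtext(_tag("HostAddress")) or "").strip() or alias
        results.append((alias, address, address.lower().endswith(DDNS_SUFFIX)))
    return results


if __name__ == "__main__":
    # Constructed sample: one proper alias, one entry that would hit a name
    # the MX certificate does not cover.
    profile = build_profile([
        ("Corporate VPN", "mx450-xyuhsygsvge.dynamic-m.com"),
        ("vpn.xyz.com", None),
    ])
    print(profile)
    for alias, address, ok in audit_profile(profile):
        print(f"{alias!r} -> {address} [{'ok' if ok else 'certificate name mismatch likely'}]")
```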