Meraki Community

Tjandra

Hi, I'm trying to set up a client certificate for Anyconnect using Microsoft CA Services. From this topic (https://community.meraki.com/t5/Security-SD-WAN/AnyConnect-with-Certificate-Authentication/m-p/14535...) seems like it's possible.

NOTE: my VPN users are not AD-authorized (because not all of them are AD users)

My question: can anyone show me how to create the client certificates?

Thanks

alemabrahao

Have you checked these documents?

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/Managing_and_Troublesh...

How to manually create client certificate on Ca server? - Microsoft Q&A

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Tjandra

I've seen the Meraki doc page, and it doesn't say how to issue the client cert.

And thanks for the Microsoft page, however the 3rd step (Request a New Cert) is not the same as what I see on my 2012R2 server... in particular the dialog for "Select Certificate Enrollment Policy" only has "Active Directory Enrollment Policy" (then select Administrator, Basic EFS, EFS Recovery Agent, or User) and "Configured by you" (which requires me to enter "enrollment policy server URI").

Thanks

alemabrahao

I suggest you open a ticket with Microsoft so they can help you.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Meraki Community

Anyconnect client certificate

Anyconnect client certificate