Certificate-based infrastructure

Hi everybody,

Simple question to answer for you. Which design considerations does it take to move from a pre-shared key infrastructure for remote access and L2L to a fully certificate-based infrastructure? In particular, what is the most reliable solution to manage certificates for a very large customer?

Configuration is not an issue. I just want to understand which issues I need to face in terms of management and rollout.

Many thanks,

Alessio

Comments

  • Network devices need manual enrollment with the CA, but re-enrollment due to certificate expiry can be automatic. CRL/OCSP is supported for certificate validation.
    Clients/users can receive automatic CA enrollment and re-enrollment, as well as the AnyConnect pre-installed and pre-configured via Active Directory policies. CRL/OCSP as well.
    So easy stuff.


    On 28 Apr 2015, at 12:40, Alessio <[email protected]> wrote:

    Hi everybody,

    Simple question to answer for you. Which design considerations does it take to move from a pre-shared key infrastructure for remote access and L2L to a fully certificate-based infrastructure? In particular, what is the most reliable solution to manage certificates for a very large customer?

    Configuration is not an issue. I just want to understand which issues I need to face in terms of management and rollout.

    Many thanks,

    Alessio




    INE - The Industry Leader in CCIE Preparation
    http://www.INE.com

    Subscription information may be found at:
    http://www.ieoc.com/forums/ForumSubscriptions.aspx

  • Alessio

    Thanks Cristian.

    Is there any book or reference that treats the whole set of problems I could face rolling out this solution which you would suggest?

    Best Regards,

    Alessio

  • Unfortunately not.

    On May 5, 2015, at 16:19, Alessio <[email protected]> wrote:

    Thanks Cristian.

    Is there any book or reference that treats the whole set of problems I could face rolling out this solution which you would suggest?

    Best Regards,

    Alessio



