LinuxQuestions.org
Old 09-21-2012, 06:48 AM   #1
alexoracle2004
LQ Newbie
 
Registered: Sep 2012
Posts: 5

Rep: Reputation: Disabled
Question How to add certificate??


Hello to All,


I am faced with a problem. I wanna connect to my company's network when I am outside the company and visiting another one.


This company has provided me with their certificate in order to access HTTPS webpages over their network. But I cannot use Cisco's VPN client to access my company's VPN. A colleague who has Windows has added this certificate to his Internet Explorer settings, and as a result the system reads the certificate and lets him connect via the Cisco VPN client.


Where do I have to add this certificate in Linux so that my Cisco client can read it too and establish a connection?

Thanks in advance!
 
Old 09-21-2012, 09:02 AM   #2
flower.Hercules
Member
 
Registered: Aug 2005
Distribution: Gentoo
Posts: 228

Rep: Reputation: 31
You should add your certificate here (your capitalization may be different in the highlighted section):

Code:
/etc/opt/cisco-vpnclient/Certificates/
Then load the certificate with this command:

Code:
cisco_cert_mgr -U -op import
You should be prompted for the filename and a password. Then, verify it is showing up in the store:

Code:
cisco_cert_mgr -U -op list
Connect to the profile (you may need to set this up if you haven't already, check that out if it doesn't work at this point) with the certificate and you should be good to go.

...edit begins...

I realized that I left you hanging at the end...in case you don't have a profile set up, you'll need to set one up. Check here for profiles:

Code:
ls /etc/opt/cisco-vpnclient/Profiles/
You will need to edit a profile or create a new profile and it should point to the certificate. The following settings are relevant to this task (change the red text):

Code:
AuthType = 3
CertStore = 1
CertName = Name
Finally, activate it with this command; change profile_name to whatever profile you just set up, but leave off the .pcf extension:

Code:
vpnclient connect profile_name
NOW you should be good to go!

Last edited by flower.Hercules; 09-21-2012 at 09:09 AM. Reason: Additional information.
 
Old 09-21-2012, 06:42 PM   #3
alexoracle2004
LQ Newbie
 
Registered: Sep 2012
Posts: 5

Original Poster
Rep: Reputation: Disabled
Hi,
this folder /etc/opt/cisco-vpnclient/Certificates/ doesn't exist... there is a /etc/opt/.cisco/Certificates/ca; is this the same?
 
Old 09-21-2012, 09:46 PM   #4
flower.Hercules
Member
 
Registered: Aug 2005
Distribution: Gentoo
Posts: 228

Rep: Reputation: 31
That's the one. Alternatively, there may be one in your home directory at ~/.cisco/certificates/ca.
 
Old 09-25-2012, 03:51 AM   #5
alexoracle2004
LQ Newbie
 
Registered: Sep 2012
Posts: 5

Original Poster
Rep: Reputation: Disabled
There is a little problem: I don't have cisco_cert_mgr... I have searched the entire system and this utility does not exist!

What can I do now?

My client:

Cisco AnyConnect VPN Client Version 2.5.6005
 
Old 09-25-2012, 07:07 AM   #6
flower.Hercules
Member
 
Registered: Aug 2005
Distribution: Gentoo
Posts: 228

Rep: Reputation: 31
Looks like you need a walk-through, which Cisco provides. I'd recommend you go to the Cisco site and take a look at those instructions which are applicable to you:

http://www.cisco.com/en/US/docs/secu...html#wp1000096

If you run into any problems, provide specifics and we can help you through it.
 
Old 09-25-2012, 12:08 PM   #7
alexoracle2004
LQ Newbie
 
Registered: Sep 2012
Posts: 5

Original Poster
Rep: Reputation: Disabled
I have installed the client correctly, because I am using it to connect to my company's network when I am home.
The client and its licence are provided by my company!


What I notice is that the error I am getting is: the client could not connect because of a secure gateway address resolution failure

and I think that the Cisco client cannot find the proxy server I have set up in the Network proxy (GNOME), and as a result it cannot resolve the address of the VPN I have provided. So my question is: where in Linux can I set network settings that are read by the whole Linux system, i.e. system-wide settings?
 
Old 09-25-2012, 12:30 PM   #8
flower.Hercules
Member
 
Registered: Aug 2005
Distribution: Gentoo
Posts: 228

Rep: Reputation: 31
I'd imagine the gnome configuration was system wide but you can set this via this command (as root):

Code:
export http_proxy="http://username:password@server:port/"
export ftp_proxy="http://username:password@server:port/"
Remove the username and password section if you do not need a username and password to access the proxy, otherwise substitute the appropriate information. Without a username and password, it'd look like this:

Code:
... ="http://server:port/"
 
Old 09-25-2012, 01:11 PM   #9
alexoracle2004
LQ Newbie
 
Registered: Sep 2012
Posts: 5

Original Poster
Rep: Reputation: Disabled
I thought that too, that the GNOME configurations were system-wide, but as it turned out they are not.
A clue was that when I was trying to ping www.google.com from a terminal, although I had the proxy configured in GNOME, the terminal could not ping it. I found the export http & https to fix this in the terminal.

What is your advice: is it better to put them in .bashrc or .bash_profile? Or somewhere else?
 
Old 09-25-2012, 01:38 PM   #10
flower.Hercules
Member
 
Registered: Aug 2005
Distribution: Gentoo
Posts: 228

Rep: Reputation: 31
Either is perfectly acceptable. If you put it in .bash_profile, it'll be set every time you log in. If you put it in .bashrc, it'll be set every time you open a new terminal. The choice is yours.

Personally, I'd put it in .bash_profile and change it to .bashrc if I ran into problems; as I see it, the less work my system has to do (or redo, if you open a lot of terminals), the better off it is.
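
An added example, not part of any post in this thread: the exports in post #8 carry the proxy password in plain text, and posts #9 and #10 discuss putting them in .bashrc or .bash_profile. The sketch below flags startup files that hold such credentials while being readable by other local users, and writes the exports to a separate mode-0600 file instead. The function names, file names and the alice/proxy.example values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All sample values are constructed.

# A *_proxy assignment whose URL carries user:password@ before the host.
CRED_RE="^[[:space:]]*(export[[:space:]]+)?[A-Za-z_]*_proxy=[\"']?[a-z]+://[^/@[:space:]]+:[^/@[:space:]]+@"

# Print every file in "$@" that embeds proxy credentials AND is readable by
# group or others. Returns 1 if at least one such file was found, else 0.
audit_proxy_files() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -Eiq "$CRED_RE" "$f" || continue
        if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
            printf 'credentials exposed to other users: %s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# Write the exports to a dedicated file created with mode 0600, so the
# password is not inlined in a startup file that others can read.
write_private_proxy_env() {
    target=$1; url=$2
    (
        umask 077
        for v in http_proxy https_proxy ftp_proxy; do
            printf 'export %s="%s"\n' "$v" "$url"
        done > "$target"
    )
    chmod 600 "$target"   # also tightens a file that already existed
}

# Demo on constructed files in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    printf 'export http_proxy="http://alice:s3cret@proxy.example:3128/"\n' > "$d/bashrc"
    chmod 644 "$d/bashrc"
    before=0; audit_proxy_files "$d/bashrc" || before=$?
    write_private_proxy_env "$d/proxy_env" "http://alice:s3cret@proxy.example:3128/"
    after=0; audit_proxy_files "$d/proxy_env" || after=$?
    rm -rf "$d"
    echo "inline file flagged=$before, private file flagged=$after"
}
demo
```

The private file can then be sourced from .bash_profile with a line such as `. ~/.proxy_env` (a hypothetical path).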
 
  


All times are GMT -5. The time now is 12:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration