What can be done to prevent client authentication issues caused by the new self-signed X.509 certificates that an ISR generates on each reboot? (Select all that apply.)
A. Configure basic user authentication.
B. Configure the ISR with basic SSL VPN gateway features.
C. Use a permanent self-signed certificate that is persistent.
D. Enroll the ISR in an existing PKI.

Correct Answer: CD
Explanation: By default, the ISR creates a self-signed X.509 certificate on each reboot. Clients see warnings when attempting SSL VPN access because a self-signed certificate cannot be verified. This can be addressed in two ways:
- Create a permanent self-signed certificate that is persistent across reboots. This certificate can be saved on clients and used if they access the ISR initially over a trusted network. Initial access over a trusted network is usually not the case, so this approach is not recommended.
- Enroll the ISR into an existing PKI. Clients then authenticate the ISR identity certificate on each access by validating it against a valid CA certificate that was used to sign the ISR's identity certificate. This CA certificate must be provisioned on all clients for this authentication to work properly.