What’s the Best Way to Distribute Private Keys for IPSec VPN on Unmanaged Devices?

Asked By TechSavvyTraveler92 On

I'm looking for advice on how to handle distributing private keys for IPSec VPN certificate authentication, especially when dealing with unmanaged devices. I've seen streamlined solutions when you can manage user devices, but that's not always the case. My users have a wide range of tech skills and devices. Ideally, I'd have them generate their own private keys and send me their public ones, but I'm worried some may struggle with that. Also, if they lose their keys, what measures do you usually take to help them and prevent mishandling of their keys? It feels quite challenging, and I hope there's a simpler approach than I expect!
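The workflow the question describes, where users generate their own private keys and send only the public part, as an added example that is not part of the original post. It uses the standard `openssl` CLI; the file names, the common name and the throwaway "Example VPN CA" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: user-side key generation, admin-side CSR checks and signing.
# File names, CNs and the throwaway CA are constructed for illustration.

# USER SIDE: the key pair is created locally; only vpn.csr leaves the device.
user_make_csr() {    # $1 = output dir, $2 = common name
    ( umask 077      # private key readable by its owner only
      openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
          -out "$1/vpn.key" &&
      openssl req -new -key "$1/vpn.key" -subj "/CN=$2" -out "$1/vpn.csr" )
}

# SHA-256 over the DER public key. User and admin compare this value over a
# second channel so a CSR swapped in transit is noticed before signing.
pubkey_fp() { openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'; }
user_fp()   { openssl pkey -in "$1" -pubout | pubkey_fp; }         # $1 = private key
csr_fp()    { openssl req -in "$1" -noout -pubkey | pubkey_fp; }   # $1 = CSR

# ADMIN SIDE: reject the CSR unless its self-signature verifies (the sender
# holds the matching private key) and the subject is the user we expect.
admin_check_csr() {  # $1 = CSR, $2 = expected common name
    # Match the text, since older openssl exits 0 even on a verify failure.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    cn=$(openssl req -in "$1" -noout -subject -nameopt RFC2253 |
         sed 's/^subject= *//')
    [ "$cn" = "CN=$2" ]
}

# ADMIN SIDE: issue a one-year certificate from a CSR that passed the checks.
admin_sign_csr() {   # $1 = CSR, $2 = CA cert, $3 = CA key, $4 = output cert
    openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
        -days 365 -out "$4" 2>/dev/null
}

# Throwaway CA so the example runs offline; a real CA key stays offline or in an HSM.
make_test_ca() {     # $1 = output dir
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$1/ca.key" &&
    openssl req -x509 -new -key "$1/ca.key" -subj "/CN=Example VPN CA" \
        -days 30 -out "$1/ca.crt"
}
```

With this flow a lost key is handled by revoking the old certificate and repeating the request, since the admin never holds a copy of the user's private key.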

3 Answers

Answered By KeyMaster3000 On

I usually give the keys over the phone, one character at a time! That way, they can't misunderstand anything. Just kidding, but seriously, it sounds like quite a task you're dealing with! If you’re expecting users to manage their own keys, maybe an easier option would be to guide them through importing manually or finding a solution that automates that process. What kind of firewall are you using for your IPSec setup? There might be specific tools that can help with that.

Answered By FirewallGuru1987 On

Manually handing out keys is a bit of a headache! You might want to consider using encrypted email to send them the keys with clear instructions. This way, you can keep a record of what's been sent and even use recall features if necessary. Also, remember that PKI can get really complicated with unmanaged devices. Have you thought about just using user/password combos with MFA instead? It could save you a lot of complexities.

Answered By SecureKeyNinja On

I'm with you on the complexity of certificates vs user/password/MFA setups. Yes, issuing these keys can lead to tons of technical issues, but it does have its perks like phish resistance. One thing I've learned is providing genuine support channels for users can reduce mishandling and lost keys. Create a simple troubleshooting document or a guide they can refer back to.
