The site VPN system will be migrated to use multi-factor authentication, which will require using RSA or YubiKey tokens. The migration is tentatively scheduled to begin by January 2019.
WHAT IS THE IMPACT TO YOU?
The first step for the migration is for VPN users to load the Fermilab Root CAcertificate and configure it to be trusted for SSL connections. This step will not affect the way you are using the current VPN system. You can continue using the current VPN system as usual.
WHAT DO YOU NEED TO DO?
Individuals who have centrally managed Windows or Mac computers should have the certificates installed already. To test this:
- Open your AnyConnect VPN application
- In the “Connect” field, type “vpntest.fnal.gov”
- Click the Connectbutton.
No need to log in. If the certificate is installed correctly, you will be prompted to log in but do not need to do this. You should NOT see any warnings about connecting to an untrusted site.
If you do see a warning, or if you have a Linux machine or a non-centrally-managed device, follow the appropriate instructions for your device:
Mac computers: https://fermi.service-now.com/wp?id=kb_article&sys_id=KB0012919
Mobile devices: https://fermi.service-now.com/wp?id=kb_article&sys_id=KB0012905
Once you have successfully tested the new Fermilab CA root certificates, you can continue to use the current VPN.FNAL.GOV system as usual until next steps in the migration process are announced.