VPN Users: You must take action! VPN migrating to MFA

The Fermilab VPN system will be migrated to use multi-factor authentication (MFA) over the next several months. In order to continue using the Fermilab VPN system in the future, you will need to take action. The first step is outlined below.

 

WHAT IS THE IMPACT TO YOU?

The first step for the migration is for VPN users to load the Fermilab Root CA certificate and configure it to be trusted for SSL connections.  This step will not affect the way you are using the current VPN system. For now, you can continue using the current VPN system as usual.

 

WHAT DO YOU NEED TO DO?

Individuals who have centrally managed Windows or Mac computers should have the certificates installed already. To test this:

  1. Open your AnyConnect VPN application
  2. In the “Connect” field, type “vpntest.fnal.gov
  3. Click the Connect button.

No need to log in. If the certificate is installed correctly, you will be prompted to log in but do not need to do this. You should NOT see any warnings about connecting to an untrusted site.

 

If you do see a warning, or if you have a Linux machine or a non-centrally-managed device, follow the appropriate instructions for your device:

Windows computers: https://fermi.service-now.com/wp?id=kb_article&sys_id=KB0012906
Mac computers: https://fermi.service-now.com/wp?id=kb_article&sys_id=KB0012919
Mobile devices: https://fermi.service-now.com/wp?id=kb_article&sys_id=KB0012905
Linux: https://fermi.service-now.com/wp?id=kb_article&sys_id=KB0012914

 

Once you have successfully tested the new Fermilab CA root certificates, you can continue to use the current VPN.FNAL.GOV system as usual until next steps in the migration process are announced.