https://community.cisco.com/t5/network-access-control/certificate-selection-on-nam/m-p/3091262#M25489 <P>HI team ,</P> <P></P> <P>I have a query regarding the &nbsp;certificate selection on the NAM &nbsp;while using the EAP-TLS( User and machine auth with cert ).</P> <P></P> <P>I have a setup where i am using EAP-TLS authentication with user and machine authentication done with certificate .&nbsp;</P> <P>Is there a way in anyconnect that i can specify which certificate to be used for the authentication rather than NAM Pop up&nbsp;for certificate selection .</P> <P>I want the certificate selection to be automated without any manual task&nbsp;</P> <P></P> <P>Thnx&nbsp;</P> <P>Dibu</P> <P></P> Mon, 11 Mar 2019 07:55:38 GMT Diburaj kp 2019-03-11T07:55:38Z https://community.cisco.com/t5/network-access-control/certificate-selection-on-nam/m-p/3091262#M25489 <P>HI team ,</P> <P></P> <P>I have a query regarding the &nbsp;certificate selection on the NAM &nbsp;while using the EAP-TLS( User and machine auth with cert ).</P> <P></P> <P>I have a setup where i am using EAP-TLS authentication with user and machine authentication done with certificate .&nbsp;</P> <P>Is there a way in anyconnect that i can specify which certificate to be used for the authentication rather than NAM Pop up&nbsp;for certificate selection .</P> <P>I want the certificate selection to be automated without any manual task&nbsp;</P> <P></P> <P>Thnx&nbsp;</P> <P>Dibu</P> <P></P> Mon, 11 Mar 2019 07:55:38 GMT https://community.cisco.com/t5/network-access-control/certificate-selection-on-nam/m-p/3091262#M25489 Diburaj kp 2019-03-11T07:55:38Z https://community.cisco.com/t5/network-access-control/certificate-selection-on-nam/m-p/3091263#M25491 <P>Not that I have used this, but perhaps AnyConnect 4.5 certificate pinning would help in your situation?</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect45/administration/guide/b_AnyConnect_Administrator_Guide_4-5/configure-vpn.html#concept_cbg_1cj_rz">https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect45/administration/guide/b_AnyConnect_Administrator_Guide_4-5/configure-vpn.html#concept_cbg_1cj_rz</A></P> <P></P> Thu, 10 Aug 2017 17:45:50 GMT https://community.cisco.com/t5/network-access-control/certificate-selection-on-nam/m-p/3091263#M25491 Rob Ingram 2017-08-10T17:45:50Z https://community.cisco.com/t5/network-access-control/certificate-selection-on-nam/m-p/3091264#M25493 <P>Thanks Rob for the swift reply&nbsp;</P> <P></P> <P>Certificate pinning option is available for the Wireless EAP-TLS configuration &nbsp;or only available for VPN .</P> <P></P> <P>Also will the "&nbsp;<STRONG>Use</STRONG>&nbsp;<STRONG>certificate matching rule "&nbsp;</STRONG> option under the Network &gt; credential help to get the correct certificate automatically .</P> <P></P> <P>Thnx</P> <P>Dibu</P> <P></P> Fri, 11 Aug 2017 09:39:48 GMT https://community.cisco.com/t5/network-access-control/certificate-selection-on-nam/m-p/3091264#M25493 Diburaj kp 2017-08-11T09:39:48Z https://community.cisco.com/t5/network-access-control/certificate-selection-on-nam/m-p/3091265#M25494 <P>If you choose EAP-TLS as the authentication mechanism, the NAM profile editor should give you the certificate/credential selection option. I believe this forces the client certificate selection to be automatic. I have not tested this with NAM, but a similar setting for VPN works the same way.&nbsp;</P> Fri, 11 Aug 2017 18:34:36 GMT https://community.cisco.com/t5/network-access-control/certificate-selection-on-nam/m-p/3091265#M25494 Rahul Govindan 2017-08-11T18:34:36Z https://community.cisco.com/t5/network-access-control/certificate-selection-on-nam/m-p/3091266#M25495 <P>Hi all</P> <P></P> <P>I have got the solution .</P> <P></P> <P><STRONG>"Use</STRONG>&nbsp;<STRONG>certificate matching rule "&nbsp;</STRONG><SPAN>&nbsp;</SPAN>option under the Network &gt; credential&nbsp;</P> <P>Write a rule to match the attribute for the required argument &nbsp;ie cn or issuer.dc etc .</P> <P>This instructs anyconnect to search only for the specific certificate and hence user will not be asked to select for the certificate&nbsp;</P> <P></P> <P></P> <P></P> <P>Certificate pin option is available only for vpn from 4.5 version onwards&nbsp;</P> <P></P> <P>Thanks all for the help .</P> <P></P> <P>Thnx</P> <P>Dibu</P> Tue, 15 Aug 2017 00:39:06 GMT https://community.cisco.com/t5/network-access-control/certificate-selection-on-nam/m-p/3091266#M25495 Diburaj kp 2017-08-15T00:39:06Z