https://community.cisco.com/t5/network-security/anyconnect-client-ssl-authentication-with-windows-ca/m-p/5055552#M1110608 <P>I have the same Problem on a FTD managed by FDM, I installed the root &amp; servercertificate from MS CA. Also I installed it onthe client PC but the result is allways Certificate Validation Failure... Any idea????&nbsp;</P> Wed, 03 Apr 2024 12:36:45 GMT BURKHARD LANDWEHR 2024-04-03T12:36:45Z https://community.cisco.com/t5/network-security/anyconnect-client-ssl-authentication-with-windows-ca/m-p/4734372#M1095717 <P>Hello,<BR /><BR />I have am using FMC and FTD version 7.2 and I have a working configuration using SAML authentication. I'm trying to add Certificate authentication, but I'm having a problem validating the certificate installed on my client machine. First a couple facts.</P><P>1. I have a windows CA that has pushed out computer certificates to all of my domain computers.&nbsp;<BR />2. In my remote access vpn config, I have installed a public certificate vpn.mydomain.com.&nbsp;</P><P>I believe my problem is that the FTD is trying to match the public cert with my computer's private cert and giving me an error "Certificate Validation Failure". Is there a way to present the vpn.mydomain.com website with a public certificate while my clients use the private cert? I plan to add another connection profile for vendors and I don't want to require certificates for them.&nbsp;</P><P>Thanks!<BR />Andy</P> Thu, 08 Dec 2022 00:12:04 GMT https://community.cisco.com/t5/network-security/anyconnect-client-ssl-authentication-with-windows-ca/m-p/4734372#M1095717 sanchezeldorado 2022-12-08T00:12:04Z https://community.cisco.com/t5/network-security/anyconnect-client-ssl-authentication-with-windows-ca/m-p/4734671#M1095722 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1051209">@sanchezeldorado</a>,</P> <P>Yes, it is possible to use public CA signed certificate for your FTD devices, to identify FTD on the Internet, and at the same time to use private CA signed device certificate, to identify clients to your FTD. You can see config guide <A href="https://community.cisco.com/t5/security-knowledge-base/cisco-ftd-6-6-anyconnect-client-with-machine-certificate-ad/ta-p/4280528" target="_self">here</A>.</P> <P>Based on your error desciption, it looks to me like your FTD doesn't have private CA chain, so it can't validate client certificate, or client is not using private CA certificate to identify itself, so FTD doesn't trust offered one.</P> <P>Kind regards,</P> <P>Milos</P> Thu, 08 Dec 2022 08:48:42 GMT https://community.cisco.com/t5/network-security/anyconnect-client-ssl-authentication-with-windows-ca/m-p/4734671#M1095722 Milos_Jovanovic 2022-12-08T08:48:42Z https://community.cisco.com/t5/network-security/anyconnect-client-ssl-authentication-with-windows-ca/m-p/4736581#M1095825 <P>Thank you for the input. Unfortunately, it looks like I won't have the ability to get this configured. Have a good day!</P> Sun, 11 Dec 2022 15:05:42 GMT https://community.cisco.com/t5/network-security/anyconnect-client-ssl-authentication-with-windows-ca/m-p/4736581#M1095825 sanchezeldorado 2022-12-11T15:05:42Z https://community.cisco.com/t5/network-security/anyconnect-client-ssl-authentication-with-windows-ca/m-p/5055552#M1110608 <P>I have the same Problem on a FTD managed by FDM, I installed the root &amp; servercertificate from MS CA. Also I installed it onthe client PC but the result is allways Certificate Validation Failure... Any idea????&nbsp;</P> Wed, 03 Apr 2024 12:36:45 GMT https://community.cisco.com/t5/network-security/anyconnect-client-ssl-authentication-with-windows-ca/m-p/5055552#M1110608 BURKHARD LANDWEHR 2024-04-03T12:36:45Z