Hi there,
Wondering if anyone can help, as I've been searching around to no avail on this one. We are about to undergo a POC for using smartphones in the workplace and we are looking to route all email traffic via VPN utilising Cisco AnyConnect.
We are able to successfully connect using a connection profile we have set up when we use a local account (non-certificate based); however, as soon as we set this to use certificates we constantly receive an error: "This connection requires a client certificate but not matching certificate can be found"
On the mobile devices, when they are enrolled to MobiControl we issue both a user certificate based upon the enrolled user's UserID and a device certificate based upon the phone serial number. A 3rd certificate present is one for our root CA. Neither of these seems to be applicable as a valid client certificate when we try to connect (I've confirmed that they are imported both onto the device and within Cisco AnyConnect).
With regard to the configuration, we have attempted to look at the certificate matching and ensured that the ClientAuth tick box is ticked, and a number of various other options, all of which don't seem to allow certificates to be used as authentication. However, when we export the XML config to a Windows laptop using the AnyConnect client, we are able to connect without any issues.
This seems to make us think that it's something relating to the type of certificate or the Key Usage type that's at fault, but we are unable to find where the problem lies. Has anyone got any experience with troubleshooting the ASA / client certificate requirements for Android devices?