Solved: Re: AnyConnect Posture Certificate error

wileong · ‎07-12-2016

Hi,

IHAC with 3 PSNs and running posturing. Everytime AnyConnect compliance module kicks in, there is a certificate error pop-up. I have verified all certificate - CA and PSNs certificate are in Windows 8.1 Trusted Certificate Store.

What could be the cost of this issue? We do not have any issue when posturing being turned off.

Thanks

Wing Churn

wileong · ‎07-13-2016

Hi Paul,

This has been fixed by regenerating new certificate. Apparently AnyConnect does not like our certificate with an IP Address in SAN.

Removing the IP Address in SAN with just FQDN it works fine.

Regards,

Wing Churn

View solution in original post

pcarco · ‎07-12-2016

Hello, Is this problem isolated to a single machine or wide spread across many users ? Can you please reply with a screenshot and also run the DART on the AnyConnect client and email it to me directly pcarco@cisco.com and i will take a look.

Also. just looking internally at past similar issues - any chance you have upper case letters in the CN of the certificate ?

Best regards,

Paul

AC TME

wileong · ‎07-13-2016

Hi Paul,

This has been fixed by regenerating new certificate. Apparently AnyConnect does not like our certificate with an IP Address in SAN.

Removing the IP Address in SAN with just FQDN it works fine.

Regards,

Wing Churn

pcarco · ‎07-18-2016

Great to hear it is solved.

Best regards,

Paul