Thanks Rob for the swift

Diburaj kp · ‎08-10-2017

HI team ,

I have a query regarding the certificate selection on the NAM while using the EAP-TLS( User and machine auth with cert ).

I have a setup where i am using EAP-TLS authentication with user and machine authentication done with certificate .

Is there a way in anyconnect that i can specify which certificate to be used for the authentication rather than NAM Pop up for certificate selection .

I want the certificate selection to be automated without any manual task

Thnx

Dibu

Rob Ingram · ‎08-10-2017

Not that I have used this, but perhaps AnyConnect 4.5 certificate pinning would help in your situation?

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect45/administration/guide/b_AnyConnect_Administrator_Guide_4-5/configure-vpn.html#concept_cbg_1cj_rz

Diburaj kp · ‎08-11-2017

Thanks Rob for the swift reply

Certificate pinning option is available for the Wireless EAP-TLS configuration or only available for VPN .

Also will the " Use certificate matching rule " option under the Network > credential help to get the correct certificate automatically .

Thnx

Dibu

Rahul Govindan · ‎08-11-2017

If you choose EAP-TLS as the authentication mechanism, the NAM profile editor should give you the certificate/credential selection option. I believe this forces the client certificate selection to be automatic. I have not tested this with NAM, but a similar setting for VPN works the same way.

Diburaj kp · ‎08-14-2017

Hi all

I have got the solution .

"Use certificate matching rule " option under the Network > credential

Write a rule to match the attribute for the required argument ie cn or issuer.dc etc .

This instructs anyconnect to search only for the specific certificate and hence user will not be asked to select for the certificate

Certificate pin option is available only for vpn from 4.5 version onwards

Thanks all for the help .

Thnx

Dibu

Certificate selection on NAM