08-10-2017 09:15 AM - edited 03-11-2019 12:55 AM
Hi team,
I have a query regarding certificate selection on the NAM while using EAP-TLS (user and machine auth with cert).
I have a setup where I am using EAP-TLS authentication with user and machine authentication done with certificate.
Is there a way in AnyConnect that I can specify which certificate is to be used for the authentication, rather than the NAM pop-up for certificate selection?
I want the certificate selection to be automated without any manual task.
Thnx
Dibu
08-10-2017 10:45 AM
Not that I have used this, but perhaps AnyConnect 4.5 certificate pinning would help in your situation?
08-11-2017 02:39 AM
Thanks Rob for the swift reply.
Is the certificate pinning option available for the wireless EAP-TLS configuration, or only available for VPN?
Also, will the "Use certificate matching rule" option under Network > credential help to get the correct certificate automatically?
Thnx
Dibu
08-11-2017 11:34 AM
If you choose EAP-TLS as the authentication mechanism, the NAM profile editor should give you the certificate/credential selection option. I believe this forces the client certificate selection to be automatic. I have not tested this with NAM, but a similar setting for VPN works the same way.
08-14-2017 05:39 PM
Hi all,
I have got the solution.
Use the "Use certificate matching rule" option under Network > credential.
Write a rule to match the attribute for the required argument, i.e. cn or issuer.dc etc.
This instructs AnyConnect to search only for the specific certificate, and hence the user will not be asked to select the certificate.
The certificate pin option is available only for VPN, from version 4.5 onwards.
Thanks all for the help.
Thnx
Dibu