Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1650
Views
0
Helpful
2
Replies

ASA: How to import a new SSL certificate on a AnyConnect client PC the

Go to solution
swscco001
Level 1
Level 1

‎09-03-2021 07:59 AM

Hello everybody,

our customer has a ASA (OS rel. 9.8(43)2) and the AnyConnect client 4.9 on their
PCs.

Recently the SSL certificate expired and they got the AnyConnect notification window
about the 'Untrsted Server Certificate' and could connect after clickeing on 'Connect Anyway'.

Now there is a new self signed SSL certificate and they get the AnyConnect notification window
about the 'Untrsted Server Certificate' again with the option 'Always trust the server
and import the certificate' but when they use this option the connection was not
established.

My questions are:

1. How to import a new self signed SSL certificate on a AnyConnect client PC the right way?

2. Where is the right loaction an the PC to store the new SSL certificate so this
can be found by the AnyConnect client?

3. Where should I find this on the Windows mmc in certmgr? There are many categories ...

Thanks a lot for your hints.

Greetings!

 

Bye
R.

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎09-03-2021 08:21 AM

@swscco001 

Run certmgr.msc will open the Current Users certificate store, then expand Personal > Certificates and import the certificate there.

You will obviously have to do this for every user or use Windows As use a GPO to distribute to all users/computers.

Ideally you'd get a certificate issued by a public CA or if you have an internal CA use that.

View solution in original post

0 Helpful

Go to solution
swscco001
Level 1
Level 1
In response to Rob Ingram

‎09-07-2021 02:41 AM

Hi Rob,

 

thanks for the hints!


When I use the option in the AnyConnect client to accept the new

self signed certificate it will be stored in the 'Other People' section
in certmgr.


Thanks a lot!

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎09-03-2021 08:21 AM

@swscco001 

Run certmgr.msc will open the Current Users certificate store, then expand Personal > Certificates and import the certificate there.

You will obviously have to do this for every user or use Windows As use a GPO to distribute to all users/computers.

Ideally you'd get a certificate issued by a public CA or if you have an internal CA use that.

0 Helpful

Go to solution
swscco001
Level 1
Level 1
In response to Rob Ingram

‎09-07-2021 02:41 AM

Hi Rob,

 

thanks for the hints!


When I use the option in the AnyConnect client to accept the new

self signed certificate it will be stored in the 'Other People' section
in certmgr.


Thanks a lot!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card