08-19-2009 01:57 PM - edited 02-21-2020 03:38 AM
I am attempting to perform AAA and certificate authentication for a specific profile for AnyConnect clients hitting my ASA5550. I am running 8.2 and have everything working except when I turn on the certificate matching. I am wondering if certificate matching is restricted to certs in the "personal" store on Windows machines or if it can be against a Domain cert in the Trusted Root store.
Also, what debugging can I do to see what exactly is failing when I attempt this configuration?
I have set the match criteria via the xml group policy which is attached (detail removed).
08-25-2009 07:56 AM
The AnyConnect client supports the following certificate match types. Some or all of these may be used for client certificate matching. Certificate match criteria are global and can be set in an AnyConnect profile. The criteria are:
• Key Usage
• Extended Key Usage
• Distinguished Name
09-29-2009 11:03 AM
What AnyConnect version are you using?
Have you tried version 2.4 (beta)?
The only AnyConnect client working as expected when it comes to certificate match is this beta version. Trying all the other official releases is a waste of time; all those official releases are full of bugs when it comes to certificate match.