Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2053
Views
3
Helpful
15
Replies

Cisco AnyConnect falsely reports that Certificate has expired

Go to solution
tibor-mraovic
Level 1
Level 1

‎05-21-2024 04:54 AM

Hi everyone,

I have a client issue where they claim that Cisco AnyConnect falsely reports that Certificate has expired. When I connect with my own AnyConnect client version 4.10.05111, I do not get this false/positive error. Screenshot attached. Interestingly this has just started to manifest itself after we have changed the active ASA in the cluster. (2 ASA in cluster, active/passive)

tibormraovic_1-1716291918523.png

Things that I have done/checked:

  • Checked the certificate string on both active and passive ASA. Both are valid
  • Told the client to change to a newer AnyConnect client version. Did not help
  • Told the client to uncheck "Block connections to untrusted servers" within AnyConnect. Did not help
  • Added this missing line to Cisco ASA: "crypto ikev2 remote-access trustpoint "CERT_NAME"". Did not help

I am at a roadblock and would appreciate if someone can give me some hints on what to check further. Keep in mind that I do not have a lot of experience with troubleshooting AnyConnect/certificate issues.

Please let me know what other information I need to share.

Regards,

Tibor

0 Helpful
15 Replies 15

Go to solution
tibor-mraovic
Level 1
Level 1
In response to Dustin Anderson

‎05-21-2024 10:37 PM

I don't think this would be an issue because everything worked before ASA failover. I will confirm the time with them to be 100% sure, but multiple clients have reported this issue right after we have done ASA failover.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card