Solved: Re: How to avoid anyconnect untrusted server alert

l.buschi · ‎05-02-2022

Hello,

my costumer migrated his antivirus and now he has issues with anyconnect.

He need to upload a certificate to avoid the alert on anyconnect connection.

He need to contnue in local username AAA, no certificate authentication for user.

Is there a way to upload a certificate to solve this problem?

In attachement the alert.

Many tks

Johnny

Marvin Rhoads · ‎05-02-2022

The headend device (ASA or FTD) must have a certificate issued by a trusted Certificate Authority (CA) matching the Fully Qualified Domain Name (FQDN) of the device. If you access it via IP address it will typically always give you the untrusted alert.

Using local authentication (or not) and the type of authentication (username and password vs. certificate) is completely unrelated to this problem.

View solution in original post

Marcelo Morais · ‎05-02-2022

Hi @l.buschi ,

at AnyConnect > click the Cog Wheel > Preferences > you are able to disable the Block Connections to Untrusted Servers.

Hope this helps !!!

Marvin Rhoads · ‎05-02-2022

The headend device (ASA or FTD) must have a certificate issued by a trusted Certificate Authority (CA) matching the Fully Qualified Domain Name (FQDN) of the device. If you access it via IP address it will typically always give you the untrusted alert.

Using local authentication (or not) and the type of authentication (username and password vs. certificate) is completely unrelated to this problem.

l.buschi · ‎05-02-2022

Many tks Marvin.

where is the section on ASDM I can upload a certificate?

Marvin Rhoads · ‎05-02-2022

You're welcome.

Here's a complete guide to setting up a certificate:

https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html

Once you have it installed, be sure to select it under the Remote Access VPN setup as the device certificate to be used.

MHM Cisco World · ‎05-02-2022

check this link.