AnyConnect 3.1.03103 - Validate Server Identity

Hi,

Just to inform you that we have probably found a bug in this version of Cisco AnyConnect.

It has problems with validation of server identity on Windows 7 (don't know if also on Win XP).

The proper CA is installed on the client, and the properly signed cert is installed on ACS 5.4 (MAR enabled); however, AnyConnect is not able to authenticate the machine (EAP-FAST).

In the ACS logs there is the following message:

12153 EAP-FAST failed SSL/TLS handshake because the client rejected the ACS local-certificate

With the previous version 3.1.01065 and the same AnyConnect profile everything works fine.

Regards

Karel


Karel:

Are you testing with different versions on the same client, or on different clients?

Are the different versions configured with exactly the same profile configuration?

Make sure the proper CA root cert is installed on your client and that it is chosen to be trusted.

I would say there is some piece of configuration that needs to be corrected somewhere.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"


Hi Amjad,

As I wrote: same client, same profile, different versions.

The latest AnyConnect client does not trust the ACS certificate during machine authentication (for user auth it works fine) when the correct CA is installed on the client (user, machine account).

With the older version everything is fine.

K.
