AnyConnect 3.1.03103 - Validate Server Identity

Karel Navratil
Level 1
Hi,

Just to inform you that we have probably found a bug in this version of Cisco AnyConnect.

It has problems with validation of server identity on Windows 7 (don't know if also on Win XP).

The proper CA is installed on the client, the properly signed cert is installed on ACS 5.4 (MAR enabled), however AnyConnect is not able to authenticate the machine (EAP-FAST).

In the ACS logs there is the following message:

12153 EAP-FAST failed SSL/TLS handshake because the client rejected the ACS local-certificate

With previous version 3.1.01065 and the same AnyConnect profile everything works fine.

Regards

Karel

2 Replies

Amjad Abdullah
VIP Alumni
Karel:

Are you testing with different versions on the same client, or on different clients?

Are the different versions configured with exactly the same profile configuration?

Make sure the proper CA root cert is installed on your client and that it is chosen to be trusted.

I would say there is some piece of configuration that needs to be corrected somewhere.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Hi Amjad,

As I wrote, same client, same profile, different versions.

The latest AnyConnect client does not trust the ACS certificate during machine authentication (for user auth it works fine) when the correct CA is installed on the client (user, machine account).

With the older version everything is fine.

K.
