Problem
After upgrading AnyConnect package on AS from 3.0 to 3.1 getting error that the certificate is untrusted and have to accept the certificate when trying to automatically login to the website. Is it possible to disable the strict trust setting to avoid this error?
Resolution
It is strongly recommended that Strict Certificate Trust for the AnyConnect client is enabled for the following reasons:
•With the increase in targeted exploits, enabling Strict Certificate Trust in the local policy helps prevent man in the middle attacks when users are connecting from untrusted networks such as public-access networks.
•Even if you use fully verifiable and trusted certificates, the AnyConnect client, by default, allows end users to accept unverifiable certificates. If your end users are subjected to a man-in-the-middle attack, they may be prompted to accept a malicious certificate. To remove this decision from your end users, enable Strict Certificate Trust.
Refer to Enable Strict Certificate Trust in the AnyConnect Local Policy for more information.
Still it is possible to disable Strict Trust Setting by using the local policy editor.
This can also be done manually.
The profile editor can be found as anyconnect-profileeditor-win-3.1.01065-k9.exe at Standalone Profile Editor package on Windows platforms.
Source:https://supportforums.cisco.com/thread/2179230?tstart=0