Just upgraded to newest version on anyconnect... asa running 8.4(4) 1
I only have this security warning :
Does anyone knows how to get rid of it ? , i have installed the cert on the client and have no warning when entering the https site for connecting / downloading the anyconnect client.
If i accept i will be logged on anyconnect and this will show up everytime connecting.
You need in certificate that is used by HTTP Server (SSLVPN) to have Extended Key Usage (EKU) value of 'Server Authentication' .
You can use for it Cisco CA on IOS for some time already.
Example PKI Server configuration:
crypto pki server CA
eku server-auth client-auth
crypto pki trustpoint CA-self
enrollment url http://10.1.1.2:80
eku request server-auth
I hope it helps. Cheers.
>You can use for it Cisco CA on IOS for some time already<
Which IOS version is that , im trying with 15.1.4 on a 2801... still not able to use EKU command.
Please refer to the bug CSCtl97326 which was feature request for EKU in PKI Server:
Based on this information it is added in:
In case of 15.1.4 I cannot check it without a trendline (T/S/M).