Beginner

Anyconnect 3.1 untrusted server cert w/ Wildcard

I've seen a bunch of discussions on the untrusted server cert error with self-signed certs. But I have a valid wildcard that I use on my ASA. How do I make that work without the untrusted server cert error?

TIA

Scott                  

Cisco Employee

For a wildcard certificate, when you configure the trustpoint, also configure "fqdn none"; that would fix the wildcard untrusted certificate issue.

Beginner

I am now seeing this problem show up on the latest Android/iOS clients as well. We have "fqdn none" configured for our trustpoint, and are using a valid * wildcard certificate from Digicert on the ASA. The certificate tests 100% valid on ssllabs.com. I am opening a TAC case and will update this thread.

Beginner

Update:

Android and iOS devices do not have the same trust root CA installed as a MS Windows client. I had to load both the root and intermediate CA certs for Digicert into the ASA. The Android/iOS devices picked up all three certs successfully and no longer generate untrusted server errors.

Enthusiast

Mark,

Thanks for the update but can you go into detail on how you added the three certs to one trustpoint?

Cheers

Beginner

The CA certificates were not added directly to the existing trustpoint.  You could add them directly via the ASDM as "CA Certificates" rather than "Identity Certificates", or with code similar to: 

crypto ca trustpoint Inter_CA
 enrollment terminal
 crl configure
crypto ca trustpoint Root_CA
 enrollment terminal
 crl configure
crypto ca certificate chain Inter_CA
 certificate ca ....
crypto ca certificate chain Root_CA
 certificate ca ....
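
Why presenting the CA chain matters, as an added lab example that is not from the thread or from Cisco: a client that trusts only a root CA cannot validate a certificate issued by an intermediate unless the server also sends that intermediate. The lab PKI, the `example.test` domain, the file names and both function names are assumptions constructed here with `openssl`.

```sh
#!/bin/sh
# Added lab example. Constructed PKI, all names made up:
# Lab Root CA -> Lab Intermediate CA -> wildcard leaf *.example.test
set -eu
LAB=$(mktemp -d)
trap 'rm -rf "$LAB"' EXIT

build_lab_pki() (
  cd "$LAB"
  printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = ca' '[dn]' \
    '[ca]' 'basicConstraints = critical,CA:TRUE' \
    'keyUsage = critical,keyCertSign,cRLSign' \
    '[leaf]' 'subjectAltName = DNS:*.example.test' > pki.cnf
  # Self-signed root: the only certificate the simulated client trusts.
  openssl req -config pki.cnf -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj '/CN=Lab Root CA' -keyout root.key -out root.pem
  # Intermediate CA, signed by the root.
  openssl req -config pki.cnf -new -newkey rsa:2048 -nodes \
    -subj '/CN=Lab Intermediate CA' -keyout inter.key -out inter.csr
  openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key \
    -CAcreateserial -days 2 -extfile pki.cnf -extensions ca -out inter.pem
  # Wildcard identity certificate, signed by the intermediate.
  openssl req -config pki.cnf -new -newkey rsa:2048 -nodes \
    -subj '/CN=*.example.test' -keyout leaf.key -out leaf.csr
  openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key \
    -CAcreateserial -days 2 -extfile pki.cnf -extensions leaf -out leaf.pem
) >/dev/null 2>&1

# Simulated client that trusts only the root. Optional $1 is the extra CA
# file the server sends along with its identity certificate.
client_verifies() {
  if [ $# -gt 0 ]; then
    openssl verify -CAfile "$LAB/root.pem" -untrusted "$LAB/$1" \
      "$LAB/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$LAB/root.pem" "$LAB/leaf.pem" >/dev/null 2>&1
  fi
}

build_lab_pki
client_verifies && echo "leaf only: trusted" || echo "leaf only: UNTRUSTED"
client_verifies inter.pem && echo "leaf + intermediate: trusted" \
  || echo "leaf + intermediate: UNTRUSTED"
```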
