
AnyConnect 4.6 on Ubuntu certificate authentication

mikefry
Level 1

We are running AC 4.6 on Ubuntu 14.04 and 16.04. Since the introduction of the new SAML auth piece, we have to switch auth methods from username/password/2FA over to cert-based.

Get this error when trying to auth.

Message type warning sent to the user: No valid certificates available for authentication.

We are using openssl to create private key and place it in ~/.cisco/certificates/client/private/client.key

We are using IPSec scepclient to retrieve computer cert and place it in ~/.cisco/certificates/client/client.pem

Permissions are set to 555 on both files

Any suggestions?

2 Replies

Rahul Govindan
VIP Alumni

Names and paths look correct. Does the certificate have the right key usages and extended key usages to be chosen as a client certificate? Also, can you open both the client.pem and client.key in a notepad and verify that this is PEM formatted? Both should be readable in a format like this:

-----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- shows a private key in PEM format.
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- shows a certificate file in PEM format.

Thank you for the reply.
The RSA Private Key appears to be the correct format.
The client.pem does not. I’ll check into fixing this.
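
As an added example (not part of the original thread, and not Cisco's code), the two checks from Rahul Govindan's reply can be scripted with the Python standard library: detect whether a file is PEM or binary DER, look for the clientAuth EKU OID, and re-armor a DER certificate as PEM. The function names are hypothetical, the sample bytes are constructed, and the EKU test is a byte-search heuristic rather than a full X.509 parse.

```python
import base64
import re
import ssl

# DER encoding of the clientAuth EKU OID 1.3.6.1.5.5.7.3.2
CLIENT_AUTH_OID = bytes.fromhex("06082b06010505070302")
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def inspect_credential(data: bytes) -> dict:
    """Report a credential file's encoding and whether clientAuth appears in it."""
    match = PEM_BLOCK.search(data)
    if match:
        label = match.group(1).decode()
        try:
            der = base64.b64decode(b"".join(match.group(2).split()), validate=True)
        except ValueError:  # corrupt body, or an encrypted key with PEM headers
            return {"encoding": "PEM", "label": label, "der": None, "client_auth": None}
        encoding = "PEM"
    elif data[:1] == b"\x30":  # ASN.1 SEQUENCE tag: binary DER, no PEM armor
        encoding, label, der = "DER", None, data
    else:
        return {"encoding": "unknown", "label": None, "der": None, "client_auth": None}
    # Heuristic only: False can also mean the certificate carries no EKU
    # extension at all. Confirm with `openssl x509 -noout -text`.
    is_cert = label in (None, "CERTIFICATE")
    client_auth = (CLIENT_AUTH_OID in der) if is_cert else None
    return {"encoding": encoding, "label": label, "der": der, "client_auth": client_auth}


def as_pem_certificate(data: bytes) -> str:
    """Return PEM text for a certificate supplied as either PEM or DER."""
    info = inspect_credential(data)
    if info["der"] is None or info["label"] not in (None, "CERTIFICATE"):
        raise ValueError(f"not a certificate: {info['encoding']} {info['label']}")
    return ssl.DER_cert_to_PEM_cert(info["der"])


if __name__ == "__main__":
    # Constructed stand-in bytes (not a real certificate): a SEQUENCE header,
    # padding, and the clientAuth OID, to exercise the DER path offline.
    sample = b"\x30\x82\x00\x20" + b"\x00" * 22 + CLIENT_AUTH_OID
    print(inspect_credential(sample)["encoding"])
    print(as_pem_certificate(sample).splitlines()[0])
```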