07-11-2018 06:46 AM - edited 03-12-2019 05:27 AM
We are running AC 4.6 on Ubuntu 14.04 and 16.04. Since the introduction of the new SAML auth piece, we have had to switch auth methods from username/password/2FA over to cert-based.
Get this error when trying to auth.
Message type warning sent to the user: No valid certificates available for authentication.
We are using openssl to create the private key and place it in ~/.cisco/certificates/client/private/client.key
We are using IPSec scepclient to retrieve the computer cert and place it in ~/.cisco/certificates/client/client.pem
Permissions are set to 555 on both files.
Any suggestions?
07-12-2018 03:05 PM
Names and paths look correct. Does the certificate have the right key usages and extended key usages to be chosen as a client certificate? Also, can you open both the client.pem and client.key in a notepad and verify that they are PEM formatted? Both should be readable in a format like this:
-----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- shows a private key in PEM format.
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- shows a certificate file in PEM format.
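
The checks suggested in the reply above, as an added shell example that is not part of the original thread: it verifies that both files are PEM, looks for the client-authentication extended key usage and, going beyond the reply, confirms that the private key belongs to the certificate. The function names are hypothetical, and the only tool assumed is the `openssl` command line.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Usage: sh check.sh CERT KEY
# e.g. the thread's ~/.cisco/certificates/client/client.pem and
#      ~/.cisco/certificates/client/private/client.key

# True if the file has a PEM certificate header and parses as X.509.
is_pem_cert() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null &&
        openssl x509 -in "$1" -noout 2>/dev/null
}

# True if the file has a PEM private-key header and parses without a
# passphrase. Accepts "RSA PRIVATE KEY" (the header quoted in the reply) and
# other PEM key headers; which ones the VPN client accepts is not stated there.
is_pem_key() {
    grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1" 2>/dev/null &&
        openssl pkey -in "$1" -noout -passin pass: 2>/dev/null
}

# True if the certificate lists clientAuth in its extended key usage.
# A certificate with no EKU extension at all also fails this check.
has_client_auth_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q 'TLS Web Client Authentication'
}

# True if the public key in the certificate equals the one derived from the key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run every check, report each failure, return non-zero if any failed.
check_pair() {
    rc=0
    is_pem_cert "$1" || { echo "FAIL: $1 is not a PEM certificate"; rc=1; }
    is_pem_key "$2" || { echo "FAIL: $2 is not an unencrypted PEM key"; rc=1; }
    has_client_auth_eku "$1" || { echo "FAIL: no clientAuth EKU in $1"; rc=1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match cert"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: all checks passed"
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

A key generated locally and a certificate retrieved separately only work together if the certificate was issued for that key's public half, which is what the last check confirms.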
07-13-2018 07:34 AM