AnyConnect with Local CA Certificate authentication

scott.bridges
Level 1

Hello,

I'm having an issue with downloading the client certificate for AnyConnect clients.

Right now I have a Local CA defined on my ASA5505 9.1.6 and a Split Tunnel profile set up to authenticate via Certificate.

From a remote site, I can access https://myasa.mydomain.com and see the Portal page with all my profiles (I have working profiles with Local auth), and I see my newly created "Certificate Split Tunnel".  When I click on this profile, the username/password field goes away and I'm presented with just "Logon" (so far, so good).  I immediately get an Invalid Certificate error and I'm never prompted to use my OTP in order to download the Client Certificate.

As an FYI, I initially changed one of my other working profiles to use Certificates and the first time I tried, I was prompted to download the Client Certificate and everything worked.  That's when I decided to create a profile dedicated to Cert use.  To add to this, on the machine that I got it to work once, I can successfully AnyConnect to the "Certificate Split Tunnel" profile because I had already downloaded the Client Cert previously.

I just can't get the prompt for the new profile.

Any ideas?

Best,

1 Reply

s.mejiagarcia1
Level 1

Hi Scott, I resolved that problem when I put the complete URL, for example: https://ciscoasa.homeca.com.co/+CSCOCA+/enroll.html

When I did it without the .html, I couldn't access the firewall local CA enrollment.

I hope that helps you, and sorry for my bad English.