12-18-2017 08:45 AM - edited 03-12-2019 04:51 AM
When I try to fire a connection, an error arises like "the server certificate received or its chain does not comply with FIPS". It seems this is related to FIPS mode, which could be controlled by local policy, and it's set to false already there.
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectLocalPolicy xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectLocalPolicy.xsd" acversion="3.1.04066">
<FipsMode>false</FipsMode>
<StrictCertificateTrust>false</StrictCertificateTrust>
</AnyConnectLocalPolicy>
Version of AnyConnect Secure Mobile Client - 3.1.04066
macOS: High Sierra - 10.13.2
BTW, it's all good to connect to the same ASA from other Windows machines, and it's been there for quite some time. The issue only appears on the MacBook.
12-18-2017 08:57 AM
Hello @sundell810,
You can change that value in the file and save it as TRUE. After you apply this change, reboot the machine and verify the file again, then test the connection, and everything should be working fine.
HTH
Gio
12-18-2017 11:11 AM
Thanks for your reply. I think we need to actually disable the FipsMode to make it work, since the client is complaining about the incompatibility of the downloaded certificate. Changing it to be true will force the client to be in FipsMode, right? Don't know how that could solve the issue.
12-18-2017 11:34 AM
Hello @sundell810,
Based on this message, "the server certificate received or its chain does not comply with FIPS", that could indicate the ASA is using FIPS or higher algorithms that the Mac device doesn't comply with. If you make it true, it will use the highest values for the OS, and you can test the connection with that.
Also, if you like, you can provide the DART for the Windows and Mac devices in order to look further into the differences.
HTH
Gio