cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
96971
Views
54
Helpful
28
Replies

Cisco AnyConnect - removing Certificate Blocked Error Dialog

Intermediate Cert:

Identity Cert

Thanks

Cisco AnyConnect - removing Certificate Blocked Error Dialog

Yeahp, the trial flag is in there, so the browser will not consider it as a trusted certificate unless you install the CA in the machine.

Thanks.

Cisco AnyConnect - removing Certificate Blocked Error Dialog

I've installed the root and intermediate certs but same thing.

where exactly does the client search for the certs?

Thanks.

Cisco AnyConnect - removing Certificate Blocked Error Dialog

What if you try through the Web browser?

Thanks in advance.

Cisco AnyConnect - removing Certificate Blocked Error Dialog

What about the CN on the identity cert of the ASA?  Is the outside IP or the DNS name associated to the IP?

Thanks.

Cisco AnyConnect - removing Certificate Blocked Error Dialog

CN is the DNS name.

I've tried through the Web browser but same warning.

Thanks.

Cisco AnyConnect - removing Certificate Blocked Error Dialog

Please attach.

Thanks.

Cisco AnyConnect - removing Certificate Blocked Error Dialog

what would like me to attach?

Thanks.

Beginner

Hi Javier,

Hi Javier,

I'm using an internal Root CA(Microsoft AD) and my computers are also part of the domain and they trust the Root CA. I've imported the Root CA into ASA and applied a certificate into the Identity Certificate Store... even so We're keep getting this warning.

Please help

Regards,

AM 

Cisco AnyConnect - removing Certificate Blocked Error Dialog

Guys,

Did you get this sorted? As I'm having the same issues but only on Android and Linux Ubuntu devices. I've tested on Windows, Mac, iOS - all seem to have no issues, but android and linux don't see the certificate as being legit and should be trusted. I've now tested with certificates from 2 CAs - AusCERT and Thawte SSL CA.

Enthusiast

Re: Cisco AnyConnect - removing Certificate Blocked Error Dialo

Yes this is getting silly, we have a valid Entrust cert where the SAN matches DNS and CN and it's applied to the ASA. The Anyconnect client errors only from IOS and Windows 8. Windows IE to the ASA shows a valid cert and its' Anyconnect does not error.

Opened a case on this as I'm guessing it requires more than one cert for IOS and Win8 from Entrust 2048

I will post the results

Bob James

Highlighted
Beginner

Re: Cisco AnyConnect - removing Certificate Blocked Error Dialo

@bjames@snetworks.com

I had this issue and I open a ticket. It took 3 days and still didn't find an answer for my case. However, until I thought about changing something at Anyconnect Client profile. As long you have a vaild cert and everything is matching correctly

My Solution was:

The Server is seeing the connection as IP address when it is expecting URL address. Therefore, it is blocking it. When you edit the server list to match the URL of Cert, then It will allow it

Try the following steps,

1.  Click on Anyconnect Client profile

2.  Edit Anyconnect_Group profile

3.  Edit Server list

4. Add or Edit the hostname (You will see IP address, however, your cert is URL address ) So you have to add it or delete the IP address and keep URL )

5. Host display: Remote.exmaple.com and FQDN: Remote.example.com

** Your cert that you applied for the interface must match the URL otherwise it won't work. So you can make your Cert

(( *.example.com )) and it should match any URL you give



Qousai Edelbi
CCNP,CCDA
Lead Network Security Administrator

Beginner

Cisco AnyConnect - removing Certificate Blocked Error Dialog

Hi Qousai Edelbi

I use a valid certificate from StartSSL.com and got this error message despite of this fact. Actually everything should work but I got this ugliy error until I followed your steps. Now the error message is gone. Thank you for posting your solution.

Beste Regards

Marco

Beginner

Hi Liambreathnach, Did you

Hi Liambreathnach,

 

Did you resolved this issue? if yes how? can you tell me the procedure?

 

best regards,

AM