Yeahp, the trial flag is in there, so the browser will not consider it as a trusted certificate unless you install the CA in the machine.
I've installed the root and intermediate certs but same thing.
where exactly does the client search for the certs?
What about the CN on the identity cert of the ASA? Is the outside IP or the DNS name associated to the IP?
I'm using an internal Root CA(Microsoft AD) and my computers are also part of the domain and they trust the Root CA. I've imported the Root CA into ASA and applied a certificate into the Identity Certificate Store... even so We're keep getting this warning.
Did you get this sorted? As I'm having the same issues but only on Android and Linux Ubuntu devices. I've tested on Windows, Mac, iOS - all seem to have no issues, but android and linux don't see the certificate as being legit and should be trusted. I've now tested with certificates from 2 CAs - AusCERT and Thawte SSL CA.
Yes this is getting silly, we have a valid Entrust cert where the SAN matches DNS and CN and it's applied to the ASA. The Anyconnect client errors only from IOS and Windows 8. Windows IE to the ASA shows a valid cert and its' Anyconnect does not error.
Opened a case on this as I'm guessing it requires more than one cert for IOS and Win8 from Entrust 2048
I will post the results
I had this issue and I open a ticket. It took 3 days and still didn't find an answer for my case. However, until I thought about changing something at Anyconnect Client profile. As long you have a vaild cert and everything is matching correctly
My Solution was:
The Server is seeing the connection as IP address when it is expecting URL address. Therefore, it is blocking it. When you edit the server list to match the URL of Cert, then It will allow it
Try the following steps,
(( *.example.com )) and it should match any URL you give
Qousai Edelbi CCNP,CCDA
Lead Network Security Administrator
Hi Qousai Edelbi
I use a valid certificate from StartSSL.com and got this error message despite of this fact. Actually everything should work but I got this ugliy error until I followed your steps. Now the error message is gone. Thank you for posting your solution.