Untrusted VPN Server Certificate

Jeremy Wroblewski · ‎12-12-2012

We just upgraded our AnyConnect to Ver 3.1.01065 and we are using a self signed cert with it. We haven't had any issues with the before but now when ever a customer logs on to the VPN using AnyConnect we get " Security warning: Untrusted VPN Server Certificate!" and it says that AnyConnect cannot verify the VPN server.

Then i can connect anyways or cancel.

Because this is my server and i trust the cert i am fine just clicking Connect anyways. My customers freak out a bit when they see this, I know this has to be a simple fix but i can't figure out how to get my local boxes to trust the cert. Has anyone run in to this with Ver 3.1.01065 and how did you fix it?

Thanks,

Jeremy

Marvin Rhoads · ‎12-12-2012

Cisco is really trying to make people stop using self-signed certificates with AC 3.1. You have to either use a trusted root CA (either private or public) or turn off the certificate checking altogether.

Jaime Gonzalez · ‎03-31-2017

Hi Marvin.

How can we turn off the certificate checking on AnyConnect Client??

Thanks

Marvin Rhoads · ‎03-31-2017

You can tell AnyConnect to not block untrusted certificates.

You cannot make it not check at all.

Doing so would violate a fundamental principle of SSL (Secure Sockets Layer).

It is relatively inexpensive to obtain and easy to install a trusted CA-signed certificate. That makes things much simpler for the end user and enhances overall security.