
AnyConnect 4.6 on Ubuntu certificate authentication

mikefry
Level 1

We are running AC 4.6 on Ubuntu 14.04 and 16.04. Since the introduction of the new SAML auth piece, we have to switch auth methods from username/password/2FA over to cert-based.

 

Get this error when trying to auth.

Message type warning sent to the user: No valid certificates available for authentication.

We are using openssl to create private key and place it in ~/.cisco/certificates/client/private/client.key

We are using IPSec scepclient to retrieve computer cert and place it in ~/.cisco/certificates/client/client.pem

Permissions are set to 555 on both files

 

Any suggestions?

2 Replies

Rahul Govindan
VIP Alumni

Names and paths look correct. Does the certificate have the right key usages and extended key usages to be chosen as a client certificate? Also, can you open both the client.pem and client.key in a notepad and verify that this is PEM formatted? Both should be readable in a format like this:

 

-----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- shows a private key in PEM format.
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- shows a certificate file in PEM format.

Thank you for the reply.
The RSA Private Key appears to be the correct format.
The client.pem does not. I’ll check into fixing this.
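
The checks suggested in the reply above (PEM versus DER encoding, client-authentication EKU, and that the key belongs to the certificate), as an added example that is not part of the original thread. The function names are this example's own; the default paths are the ones given in the question.

```shell
#!/usr/bin/env bash
# Added example: checks for an AnyConnect client certificate/key pair on Linux.
# Default paths are the ones named in the post; override with CERT= and KEY=.
CERT="${CERT:-$HOME/.cisco/certificates/client/client.pem}"
KEY="${KEY:-$HOME/.cisco/certificates/client/private/client.key}"

# Classify a file as pem, der or unknown (no openssl needed).
cert_format() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    elif [ "$(head -c 1 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "30" ]; then
        echo der    # DER begins with an ASN.1 SEQUENCE tag, byte 0x30
    else
        echo unknown
    fi
}

# Rewrite a DER certificate as PEM in place, keeping the original as FILE.der.
der_to_pem() {
    cp -p "$1" "$1.der" && openssl x509 -inform DER -in "$1.der" -out "$1"
}

# True if the Extended Key Usage extension lists TLS client authentication.
# A certificate with no EKU extension at all is also reported as failing.
has_client_auth() {
    openssl x509 -in "$1" -noout -text | grep -q 'TLS Web Client Authentication'
}

# True if certificate ($1) and private key ($2) hold the same public key.
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Run every check against $CERT and $KEY and stop at the first failure.
check_pair() {
    local fmt
    fmt=$(cert_format "$CERT")
    echo "certificate format: $fmt"
    if [ "$fmt" = der ]; then echo "convert with: der_to_pem \"$CERT\""; fi
    [ "$fmt" = pem ] || return 1
    has_client_auth "$CERT" || { echo "EKU does not list clientAuth"; return 1; }
    key_matches_cert "$CERT" "$KEY" || { echo "key does not match certificate"; return 1; }
    echo "key file mode: $(stat -c %a "$KEY")"
    echo "pair looks usable"
}
```

Source the file and run `check_pair`. The last check prints the key file's mode because a mode that grants group or other access to the private key lets other local users read it; 600 is the usual setting for a private key.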