AnyConnect 4.8, macOS Catalina and Yubikey 5

VILLE LEINONEN
Level 1

Hi,

 

Has anyone had luck with AnyConnect 4.8, macOS Catalina and Yubikey 5 smart card authentication?

I know that my cert is good, because I can use it when it is in my keychain, so that is not the issue.

I cannot get authentication working if the cert is in my Yubikey; AnyConnect says "Certificate Validation Failure".

 

The command system_profiler SPSmartCardsDataType gives this output:

SmartCards:

    Readers:

      #01: Yubico YubiKey CCID (ATR:{length = 23, bytes = 0x3bfd1300008131fe158073c021c057597562694b657940})

    Reader Drivers:

      #01: org.debian.alioth.pcsclite.smartcardccid:1.4.31 (/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle)

    Tokend Drivers:

    SmartCard Drivers:

      #01: com.apple.CryptoTokenKit.pivtoken:1.0 (/System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/pivtoken.appex)

    Available SmartCards (keychain):

        com.apple.setoken:

        com.apple.setoken:aks:

        com.apple.pivtoken:7494D54CCBB69C812D294AAFD8B8070B:

    Available SmartCards (token):

        com.apple.setoken:

        com.apple.setoken:aks:

        com.apple.pivtoken:7494D54CCBB69C812D294AAFD8B8070B:

          #01: Kind: private RSA 2048-bit, Certificate: no, Usage: Sign

Valid from: N/A to: N/A, SSL trust: N/A, X509 trust: N/A

          #02: Kind: private RSA 2048-bit, Certificate: no, Usage: Sign

Valid from: N/A to: N/A, SSL trust: N/A, X509 trust: N/A

          #03: Kind: private RSA 2048-bit, Certificate: no, Usage: Decrypt Unwrap

Valid from: N/A to: N/A, SSL trust: N/A, X509 trust: N/A

          #04: Kind: private RSA 2048-bit, Certificate: {length = 20, bytes = 0x5d6443856e8b225e7f79f8715d2153d7f4e745b1}, Usage: Sign

Valid from: 2020-04-03 07:02:44 +0000 to: 2023-04-03 07:02:44 +0000, SSL trust: YES, X509 trust: YES

 

-----BEGIN CERTIFICATE-----

MIIFfzCCA2egAwIBAgIBATANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJGSTEQMA4GA1UECA......

-----END CERTIFICATE-----

 

Any help would be nice.

 

Regards,

 

Ville

2 Replies

omz
VIP Alumni

wrong post .. apologies

tasu
Cisco Employee

Hi, VILLE:

Is your problem solved? I also encountered the same problem.