
AnyConnect 4.9x Auto Certificate selection does NOT work!?

ida71
Level 1

I recently installed AnyConnect client V4.9 on my Win10 laptop to connect to an ASA running 9.12.3.12.

For perspective, this is a preparation job, so the ASA external Cert is valid, but does NOT currently match its IP/FQDN due to that being used on another gateway we are replacing.

If I configure 2FA, everything works as expected. But when I try 3FA using a client-side certificate, it will only work if I select cert store override in the profile & set cert selection to user control. If I try to use automatic selection, it comes back with Certificate Validation Failure.

The ASA has the correct CA & Intermediate Certs. It works fine if I manually select the Cert from the popup that appears as part of connection/login. So I know the correct cert is installed & matching CA certs on the ASA. But I can't seem to get auto cert selection working.

Auto cert selection works fine to another set of FTDs we have & that client profile has a `<CertificateMatch>` property in the .xml profile. Adding similar to the not working profile breaks manual cert selection to the ASA.

I've done some searching on here, but most threads are donkey's years old.

Any ideas?

Thanks

Chris.
