cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
501
Views
0
Helpful
0
Replies

Anyconnect 4.9x Auto Certificate selection does NOT work !?

ida71
Level 1
Level 1

I recently installed Anyconnect client V4.9 on my Win10 laptop to connect to an ASA running 9.12.3.12 .

 

For perspective, this is a preparation job, so the ASA external Cert is valid, but does NOT currently match its IP/FQDN due to that being used on another gateway we are replacing.

 

If I configure 2FA, everything works as expected. But when I try 3FA using a client side certificate it will only work if I select cert store override in the profile & set cert selection to user control. If I try to use automatic selection, it comes back with Certificate Validation Failure.

 

The ASA has the correct CA & Intermediate Certs. It works fine if I manually select the Cert from the popup that appears as part of connection/login. So I know the correct cert is installed & matching CA certs on the ASA. But I can't seem to get auto cert selection working.

 

Auto cert selection works fine to another set of FTD's we have & that client profile has a <CertificateMatch> property in the .xml profile. Adding similar to the not working profile, breaks manual cert selection to the ASA.

 

I've done some searching on here, but most threads are donkeys years old.

 

Any ideas ?

 

Thanks

 

Chris.

0 Replies 0