Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14461
Views
10
Helpful
7
Replies

AnyConnect asking to install Certificate

Go to solution
Moises Araujo
Level 1
Level 1

‎10-13-2012 10:29 AM - edited ‎02-21-2020 06:24 PM

Hi, after I have installed AnyConnect VPN client, every time that I connect the client ask to install certificate.

I already installed the certificate in the Trusted Root Certification Authorities with no sucess.

I configured the AnyConnect with LDAP option with memberof option and its working fine, but the certificate message is displayed every time  I do login. Any idea how I can install it permanently?

Thanks

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to Moises Araujo

‎10-15-2012 06:46 AM

here is a sample config:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

Don't worry about the fqdn command as you are not using fqdn. Under "subject-name" command, configure CN=

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎10-14-2012 03:45 AM

What is your certificate CN name, and also how do you connect with the AnyConnect (using IP Address or FQDN)?.

What exactly is the error that you are getting, can you share a screenshot of it?

Go to solution
Moises Araujo
Level 1
Level 1
In response to Jennifer Halim

‎10-14-2012 05:56 AM

I am using the public IP Address to connect.

Every time that I connect the client ask to install certificate:

I already installed the certificate in the Trusted Root Certification Authorities with no sucess.

Thanks

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to Moises Araujo

‎10-14-2012 01:28 PM

Can you also share the screenshot of the certificate?

If your CN= within the certificate doesn't match the URL that you are trying to connect, you will get that error.

Try connecting using the same name as the CN= within the certificate, then you wouldn't get any of the error anymore.

Or, create the certificate so that the CN= says "CN=", as that is how you connect to it.

Go to solution
Moises Araujo
Level 1
Level 1
In response to Jennifer Halim

‎10-15-2012 06:41 AM

I checked in the Trusted Root Certification Authorities, the certificate has the ASA inside IP Address:

How can I create the CN= that says "CN="?

Thank you

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to Moises Araujo

‎10-15-2012 06:46 AM

here is a sample config:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

Don't worry about the fqdn command as you are not using fqdn. Under "subject-name" command, configure CN=

0 Helpful

Go to solution
Moises Araujo
Level 1
Level 1
In response to Jennifer Halim

‎10-15-2012 07:32 AM

Jennifer, I configured the CN to the public IP Address as you said, now the certificate is no more asking to install.

Thank you very much:)

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to Moises Araujo

‎10-15-2012 07:19 PM

Great, thanks for the update and good to hear it's all good now.

0 Helpful
Customers Also Viewed These Support Documents