cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10200
Views
10
Helpful
7
Replies
Highlighted
Beginner

AnyConnect asking to install Certificate

Hi, after I have installed AnyConnect VPN client, every time that I connect the client ask to install certificate.

I already installed the certificate in the Trusted Root Certification Authorities with no sucess.

I configured the AnyConnect with LDAP option with memberof option and its working fine, but the certificate message is displayed every time  I do login. Any idea how I can install it permanently?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

here is a sample config:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

Don't worry about the fqdn command as you are not using fqdn. Under "subject-name" command, configure CN=

View solution in original post

7 REPLIES 7
Highlighted
Cisco Employee

What is your certificate CN name, and also how do you connect with the AnyConnect (using IP Address or FQDN)?.

What exactly is the error that you are getting, can you share a screenshot of it?

Highlighted

I am using the public IP Address to connect.

Every time that I connect the client ask to install certificate:

I already installed the certificate in the Trusted Root Certification Authorities with no sucess.

Thanks

Highlighted

Can you also share the screenshot of the certificate?

If your CN= within the certificate doesn't match the URL that you are trying to connect, you will get that error.

Try connecting using the same name as the CN= within the certificate, then you wouldn't get any of the error anymore.

Or, create the certificate so that the CN= says "CN=", as that is how you connect to it.

Highlighted

I checked in the Trusted Root Certification Authorities, the certificate has the ASA inside IP Address:

How can I create the CN= that says "CN="?

Thank you

Highlighted

here is a sample config:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

Don't worry about the fqdn command as you are not using fqdn. Under "subject-name" command, configure CN=

View solution in original post

Highlighted

Jennifer, I configured the CN to the public IP Address as you said, now the certificate is no more asking to install.

Thank you very much:)

Highlighted

Great, thanks for the update and good to hear it's all good now.