Anyconnect automatic certificate selection

paholland · ‎02-22-2013

If a client device running windows 7 has 1 machine certificate and multiple user certificates, with the xml profile certificate store set to "All" and auto certitifcate selection is enabled, which certificate will anyconnect present first for certificate to anyconnect profile mapping rules. If it is OS dependant is there a way to change the default order

Herbert Baerten · ‎02-25-2013

hi paholland

The order is OS dependant, and AFAIK there is no way to influence the order.

However, you can limit which certificates are used by implementing certificate match criteria in the profile:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac03features.html#wp1216866

hth

Herbert

jsteffensen · ‎05-25-2021

Do you have some more info about the syntax for "Custom extended Match" Syntax?

I cant find any information about this online.

Regards

Jarle

Marvin Rhoads · ‎05-25-2021

@jsteffensen This is a very old thread but you can find the "Custom Extended Match" information you are asking about in the current AnyConnect Admin Guide:

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect410/administration/guide/b-anyconnect-admin-guide-4-10/configure_vpn.html#ID-1428-00000652