09-23-2022 11:42 AM
Recently I deployed certificate auth for our remote VPN clients and it works for the most part, but for Win users that have multiple Personal certificates, AnyConnect has no way of selecting the correct machine cert that is coming from our CA, so I had to build a bypass for those users to just use AD cred / MFA.
Does anyone know if there is a way to specify that AnyConnect use a specific cert for authentication based on CA or CN, OU...
I tried contacting TAC with no help and our Cisco rep as well.
09-23-2022 12:51 PM - edited 09-23-2022 12:51 PM
AnyConnect can use several different factors for selecting the certificate to be used. Have you looked at the VPN profile "Certificate Matching" section?
09-23-2022 01:30 PM
I've had TAC opened in regard to this but they told me that this won't serve my function. Is there a more detailed guide that explains the function of Certificate Matching and how it works?
09-23-2022 01:42 PM
The AnyConnect admin guide has details on the certificate matching criteria.
If TAC said it would not resolve your issue, we would need more details as to why it would not work and the configuration you are trying to use.
09-23-2022 02:07 PM
I asked them the same exact question that I posted here and they told me that Certificate Matching wouldn't work. Case number: 694091196.
So you're saying that Certificate Matching will work for what I need?
09-26-2022 05:13 AM
I don't know the exact scenario or configuration (certs etc) that you have installed so I can't say, but normally this is the solution when you want to narrow down the certs to be used. If you can't find unique criteria to use for the single cert then you might end up with multiple matching. Have you tried it?
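The "Certificate Matching" section discussed in this thread, sketched as a profile fragment (an added example, not posted by anyone in the thread and not a tested configuration for the poster's environment). The issuer and OU values are constructed placeholders; the fragment assumes the corporate machine certificate is the only one in the store issued by that CA.

```xml
<!-- Added example: goes inside <ClientInitialization> of the AnyConnect VPN profile XML. -->
<!-- All <Pattern> values below are constructed placeholders, not values from this thread. -->
<CertificateMatch>
  <!-- Only consider certificates whose EKU allows TLS client authentication. -->
  <ExtendedKeyUsage>
    <ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
  </ExtendedKeyUsage>
  <!-- All DistinguishedNameDefinition entries must match for a cert to be selected. -->
  <DistinguishedName>
    <!-- Match on the issuing CA's common name so certs from other CAs are ignored. -->
    <DistinguishedNameDefinition Operator="Equal" Wildcard="Disabled" MatchCase="Disabled">
      <Name>ISSUER-CN</Name>
      <Pattern>EXAMPLE-ISSUING-CA</Pattern>
    </DistinguishedNameDefinition>
    <!-- Optional second criterion on the subject OU, for when the same CA -->
    <!-- also issues other certificate types to the same machine or user. -->
    <DistinguishedNameDefinition Operator="Equal" Wildcard="Enabled" MatchCase="Disabled">
      <Name>OU</Name>
      <Pattern>Workstations</Pattern>
    </DistinguishedNameDefinition>
  </DistinguishedName>
</CertificateMatch>
```

If more than one installed certificate still satisfies every criterion, the matching does not narrow the choice to a single cert, which is the case the reply above warns about.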
09-26-2022 06:21 AM
If I open TAC are you able to help?
09-26-2022 06:38 AM
I am not in TAC, but I would suggest you open a new case and get details as to why they say this will not work.
09-26-2022 12:01 PM
Yeah I'll try again, thanks for your input.