AnyConnect certificate error

KevinYounil1

Hello,

I have implemented an AnyConnect solution on our ASA 5516X and I am using ACS as 3A server. ASA has been configured to use certificates for authentication. The client has a computer and user certificate installed and when it tries to connect it receives an error message stating "certificate validation failure" on the client. I ran debug on ASA and realized that the right TrustPoint is getting selected and also saw this error:

 No certificates received during the handshake with client Public:w.x.y.z/52494 to w.x.y.z/443 for DTLSv1 session.

My final goal is just to authenticate computer certificate and I have installed user certificate just for testing purpose. Has anyone any idea about that?

Any help in this regard would be greatly appreciated.

Kevin

Accepted Solutions

In your AnyConnect profile, are you keeping certificate selection as
automatic? Also, are you having the certificate in the personal certificate
store? Finally, is your client certificate having Client Authentication in
Extended Key Usage? Your CA should be generating Client Authentication EKU
certificates to be picked by the AnyConnect client and used for authentication.
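
The store and EKU points in the answer above can be checked on the client with the PowerShell below. It is an added example, not part of the original thread: it assumes a Windows client, and the function name `Get-ClientAuthCandidate` is hypothetical. It lists every certificate in the user and machine personal stores and shows whether each one has a private key, is expired, and carries the Client Authentication EKU.

```powershell
# Added example (not from the thread). Assumes a Windows client.
# OID of the Client Authentication extended key usage (id-kp-clientAuth).
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'

function Get-ClientAuthCandidate {
    param(
        # Personal ("My") store of the logged-on user and of the computer.
        [string[]]$StorePath = @('Cert:\CurrentUser\My', 'Cert:\LocalMachine\My')
    )
    foreach ($path in $StorePath) {
        foreach ($cert in Get-ChildItem -Path $path) {
            # Locate the EKU extension, if the certificate has one.
            $ekuExt = $cert.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
            }
            $ekuOids = @()
            if ($ekuExt) {
                $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
            }

            [pscustomobject]@{
                Store         = $path
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                Thumbprint    = $cert.Thumbprint
                # Without the private key the certificate cannot be used
                # to authenticate the client.
                HasPrivateKey = $cert.HasPrivateKey
                Expired       = ($cert.NotAfter -lt (Get-Date))
                # False here means the certificate has no EKU extension at all.
                HasEkuExt     = [bool]$ekuExt
                ClientAuthEku = ($ekuOids -contains $ClientAuthOid)
            }
        }
    }
}

Get-ClientAuthCandidate | Sort-Object Store, Subject | Format-Table -AutoSize
```

The `Store` column separates the user certificate (`Cert:\CurrentUser\My`) from the computer certificate (`Cert:\LocalMachine\My`), so it is visible at a glance which of the two meets the conditions listed in the answer.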

Hi Mohammed,

Thank you for your reply.

I checked your recommendations and it is working now but the problem is: it is still verifying user certificate not Computer certificate. How can I set to verify computer certificate instead?