
Anyconnect Certificate Untrusted Error MACOSx - Posture Check

ssarikaya
Level 1

Hi Everyone,

 

I have an issue: I have used local CA server details on the ISE server for the posture portal binding. When AnyConnect on macOS connects to the ISE server, it shows the Certificate Untrusted error (Certificate is not trusted). I have added the root CA and the server certificate of ISE to the cert store as "Always Trust". However, the "Connect Anyway" screen always comes up. Why does AnyConnect not see the local Mac cert store? Do you have any idea about it?

3 Replies

marce1000
VIP

 

 

- There are a few possible reasons why AnyConnect might not be seeing the local macOS cert store. One possibility is that the cert store is not configured to be trusted by AnyConnect. To check this, open the Keychain Access app on your Mac and navigate to the Certificates category. The root CA certificate for your local CA should be listed here. If it is not, you can add it by clicking the Import button and selecting the certificate file.

Once the root CA certificate is added, you need to tell AnyConnect to trust it. To do this, open the AnyConnect preferences and click on the Advanced tab. In the Certificate Store Override section, check the box next to "Trust all certificates in this store."

If you have already done these things and AnyConnect is still not seeing the local cert store, then there might be a problem with the AnyConnect profile. To check this, open the AnyConnect profile file in a text editor and look for the following line:

    <Setting name="CertificateStoreOverride" value="true"/>

If this line is not present, then add it. Once you have added the line, save the profile file and try connecting to AnyConnect again.

If you are still having problems, then you can try the following:

    Restart your Mac.
    Uninstall and reinstall AnyConnect.

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hi,

I want to try the first suggestion, but I do not see this part on my macOS (Ventura): "Once the root CA certificate is added, you need to tell AnyConnect to trust it. To do this, open the AnyConnect preferences and click on the Advanced tab. In the Certificate Store Override section, check the box next to "Trust all certificates in this store.""
I want to see this part. Also, I do not see the "<Setting name="CertificateStoreOverride" value="true"/>" parameter. Which file includes it?

 

> ....  parameter which file is includes it ?

/opt/cisco/secureclient/vpn/profile/ or /opt/cisco/anyconnect/vpn/profile/

- You may need to add this variable (if you can't find it).

 M.


