AnyConnect Certificates and Getting Rid of the "Connect Anyway" screen

Ninjabean
Level 1

How do AnyConnect certificates work? What I am trying to do is stop users from having to click the "Connect anyway" button on the certificate warning screen. I can't seem to find where they are stored locally or inside of ASDM.

Accepted Solutions

Marvin Rhoads
Hall of Fame

AnyConnect uses the identity certificate of the ASA. If the certificate FQDN or Subject Alternative Name (SAN) doesn't match the URL you've given your users then they will get the mismatch and be required to manually accept that discrepancy ("Connect anyway").

In ASDM it shows up under Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles, Device Certificate button. The available certificate(s) are listed under Configuration > Device Management > Certificate Management > Identity Certificates.

In the CLI there is a "ssl trust-point <TrustPoint Name> <Interface name>" command that binds a given certificate Trustpoint to the interface where the clients connect. That equates to the first section above. The second section would be under "crypto ca certificate ..." commands.


2 Replies

Thank you!
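
The name mismatch described in the accepted solution can be checked before rollout. The sketch below is an added example, not part of the thread and not Cisco's code: it compares the name users will type against the SAN and CN of a certificate. It assumes generic RFC 6125-style matching (SAN dNSName entries take precedence over the CN, wildcards cover one left-most label only), and `check_gateway_name` and the sample certificate are hypothetical.

```python
import ipaddress

def _dns_match(pattern, host):
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_gateway_name(cert, target):
    """Return (ok, reason) for the name users connect to vs. the certificate names.

    cert is a dict in the shape returned by ssl.SSLSocket.getpeercert().
    """
    sans = cert.get("subjectAltName", ())
    dns = [v for k, v in sans if k == "DNS"]
    ips = [v for k, v in sans if k == "IP Address"]
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None
    if addr is not None:
        # Users who connect by IP only match an IP entry in the SAN.
        if any(ipaddress.ip_address(i) == addr for i in ips):
            return True, "IP listed in SAN"
        return False, "connecting by IP, but no matching IP SAN"
    if dns:
        # Assumption: when SAN dNSName entries exist, the CN is not consulted.
        if any(_dns_match(d, target) for d in dns):
            return True, "matches SAN dNSName"
        return False, "SAN present but no entry matches"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if any(_dns_match(c, target) for c in cns):
        return True, "matches subject CN (no SAN dNSName present)"
    return False, "no SAN and CN does not match"

# Constructed sample certificate, not taken from a real ASA.
SAMPLE = {
    "subject": ((("commonName", "asa01.corp.example"),),),
    "subjectAltName": (("DNS", "vpn.example.com"), ("DNS", "*.vpn.example.com")),
}

if __name__ == "__main__":
    for name in ("vpn.example.com", "east.vpn.example.com",
                 "asa01.corp.example", "203.0.113.10"):
        print(name, check_gateway_name(SAMPLE, name))
```

Any name that returns `False` here is one that would produce the mismatch warning under these matching rules, so either the published URL or the identity certificate's names need to change.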