10-23-2009 09:55 AM - edited 02-21-2020 04:21 PM
Hi All!
I'm trying to configure AnyConnect to use our domain-issued machine certificate for authentication together with a RADIUS OTP password.
My problem is that the AnyConnect client does not find my machine certificate.
I have configured an xml file with:
<CertificateStore>Machine</CertificateStore>
<AutomaticCertSelection UserControllable="false">false</AutomaticCertSelection>
The AnyConnect client starts and I see a popup with "Looking for credential tiles" and directly "No certificates found", this on a Windows 7, and on a Windows XP I also get a popup to choose certificate but it is empty.
I also see part of a message that I do believe means "No certificates meet the application criteria" on the Windows 7 machine.
Please, if anyone else has tried this and has some suggestions, I really need this to work!
Thanks!
/Johan
10-23-2009 01:34 PM
1. Can you confirm if the machine cert is installed?
2. Can you confirm if the user has the right to access the machine cert?
If I remember correctly, "
10-25-2009 04:49 AM
Thanks for replying! :)
Yes, the machine cert is there and I'm local admin on the computer. I also tried the CertificateStoreOverride in the xml file but no luck.
There must be some kind of criteria that the AnyConnect client looks at but cannot find in my cert?
Is the config on the firewall involved in this first stage when the AnyConnect client looks for the certificate? Could it be a config error on the firewall?
10-26-2009 09:17 AM
If the PC does have the machine cert and the user does have the access right to it, could you please verify if your machine cert is valid?
Based on "get an popup to choose certificate but it is empty", I am thinking there is an issue with your machine cert.
On the ASA side, do you have the ID cert and CA cert installed?
10-26-2009 11:31 AM
Yes, ID cert and CA cert installed, it works.
The machine cert worked when I tried the Cisco IPSEC VPN client; it finds it and I can connect and authenticate, but not with AnyConnect.
Thanks!
/Johan
10-26-2009 02:37 PM
Can you try to disable "User Account Control" and try it again?
If it still does not work, please open a case with TAC.
10-27-2009 04:38 AM
UAC disabled, same error, TAC case opened, thanks for your help!
/Johan