Anyconnect Client authentication method
09-17-2010 08:17 AM - edited 02-21-2020 04:51 PM
Hi dear,
I have an issue getting my AnyConnect client to work with the local machine certificate:
Here is how I configured my ASA5520 version 8.2(2) with ASDM 6.2.5 and AnyConnect 2.5:
I chose a name for my web link, “my.company.com”. For this name I bought an SSL certificate from VeriSign, installed it on the ASA and enabled it on our WAN interface.
All our company laptops have a machine certificate delivered by our own CA, which is Windows.
I configured the AnyConnect profile XML file under “Preferences” to match Certificate Store=machine, and also checked out the Certificate Store Override option. Under the “Certificate Match” tab – Distinguished Name, I added (CN and DC) that match our CA and CN.
On the profile tunnel I chose authentication method=Certificate.
When connecting to https://my.company.com I see that the SSL certificate is a valid one from VeriSign, but when I choose the profile tunnel, it tells me “Certificate Validation Failure”.
Could someone help me? I think I did right understand something.
Thanks
09-17-2010 08:25 AM
Hello,
Is your local CA's certificate installed as a CA cert on the ASA? Without that, the ASA won't be able to validate the certificate that you are presenting to it from your local machine.
--Jason
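
The point of the reply above, as an added example that is not part of the original thread: a verifier that trusts only a public CA rejects a client certificate issued by an internal CA, and accepts it once that internal CA is trusted. The CA names and `laptop01` are constructed, and `openssl verify` stands in for the validation the ASA performs.

```sh
#!/bin/sh
# Constructed demo: "Demo Public CA", "Demo Internal CA" and "laptop01" are made-up names.
set -eu

# make_ca DIR CN: create a self-signed CA key and certificate in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_cert CADIR CN OUT: issue certificate OUT.pem for CN, signed by the CA in CADIR.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$3.key" -out "$3.csr" 2>/dev/null
    openssl x509 -req -in "$3.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$3.pem" 2>/dev/null
}

# chain_ok TRUSTED_CA CERT: succeed only if CERT chains to TRUSTED_CA.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# verdict TRUSTED_CA CERT: print "accepted" or "rejected".
verdict() {
    if chain_ok "$1" "$2"; then echo accepted; else echo rejected; fi
}

demo() {
    work=$(mktemp -d)
    mkdir "$work/public" "$work/internal"
    # Stands in for the public CA behind the gateway's SSL certificate.
    make_ca "$work/public" "Demo Public CA"
    # Stands in for the company's own CA that issued the machine certificates.
    make_ca "$work/internal" "Demo Internal CA"
    issue_cert "$work/internal" "laptop01" "$work/laptop"
    before=$(verdict "$work/public/ca.pem" "$work/laptop.pem")
    after=$(verdict "$work/internal/ca.pem" "$work/laptop.pem")
    rm -rf "$work"
    echo "public CA only: $before; internal CA trusted: $after"
}

demo
```

The server certificate's issuer plays no part in validating the client certificate; only the issuer of the machine certificate matters to the verifier.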
09-17-2010 10:33 AM
Thanks for your answer, but I don't really understand your question. Our company CA is Windows-based and all laptops on our company domain have a certificate from this CA.
I installed an SSL certificate from VeriSign on our ASA WAN interface in order to have HTTPS for the link that all our clients connect to with their laptops by web browser to get the AnyConnect client.
Thanks
09-24-2010 01:11 AM
Is there someone that can give me an answer?
Thanks
