Hi,

Manjunath S Chickmath · ‎07-29-2017

anyconnect client displays the --Untrusted Server block!- How to avoid this message? please le me know what are the options to avoid this message without buying cert

- have tried to used self signed certificate for ASA via cli and add cert in client machine , no use

-changing anconnect settings also display as Security warning untrused server

Aditya Ganjoo · ‎07-29-2017

Hi,

Until you have a third party SSL certificate installed on the ASA clients would be getting this error.

For installing a self signed cert you need to trust the CA certificate and get it installed under Trusted root CA certificate store on the client.

Here is a good link to install the third party SSL cert:

http://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html

Regards,

Aditya

Please rate helpful and rate correct answers

Manjunath S Chickmath · ‎07-30-2017

thank you, is there a mandatory to have ssl vpn ASA Portal ip to be mapped to any external paid domain. example https://1.1.1.1 ----> asa.ssl.example.com to get the third party SSL certificate??

Aditya Ganjoo · ‎07-30-2017

Hi,

Yes, if you do not want to see the message popup then you need to have a 3rd party certificate.

It will also be easy for the end users since they do not have to install the Root CA manually on their workstations.

Regards,

Aditya

Please rate helpful and mark correct answers

shepherdmak · ‎05-16-2018

Thank you, Very helpful