06-19-2015 11:57 AM - edited 02-21-2020 08:17 PM
Hi,
I have a valid cert installed on the ASA, and all users except for a few Mac OS users have reported an AnyConnect certificate error message:
"Security Warning : Untrusted VPN server certificate
Anyconnect cannot verify VPN server : x.x.x.x
Certificate does not match the server name"
This is appearing for only a few AnyConnect users on Mac OS. Everyone else has no issue.
What could be causing this? Any suggestions, please.
06-19-2015 12:22 PM
Hi Fawad,
Could you please check what DNS name (Domain Name System) is specified in the SAN field (Subject Alternative Name), or the FQDN (Fully Qualified Domain Name), or the CN (Common Name) in the subject-name of the certificate?
Please make sure that the Mac users are using the same name while connecting. Probably the certificate has the CN name asa.cisco.com and, let's say, the public IP address of the ASA is 1.1.1.1; then the Mac users are connecting to 1.1.1.1, or vice versa.
In order to fix this issue, either the DNS should be set up in such a way that the SAN DNS or FQDN or CN (in this case “asa.cisco.com”) resolves to the server’s IP address, or the user can manually make an entry in the hosts file on the client PC.
The hosts file location can be found at:
Windows – C:\windows\system32\drivers\etc\hosts,
Mac - /private/etc/hosts,
Linux - /etc/hosts.
Please let me know if this helps.
Thanks,
Vishnu
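The name check described in the reply above, as an added example that is not part of the original thread and not AnyConnect's own code. It takes a certificate dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()`; the sample certificates are constructed from the names used in the reply, and the CN fallback is kept only because the reply mentions it (many current TLS clients ignore the CN entirely).

```python
import ipaddress

def _dns_match(pattern, host):
    """Compare one certificate DNS name with the typed host name.
    '*' is honoured only as the complete leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def server_name_matches(cert, target):
    """cert: dict like ssl.SSLSocket.getpeercert(); target: what the user typed."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target matches only an "IP Address" SAN entry, never a DNS name or CN.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip
                   for k, v in sans)
    dns_sans = [v for k, v in sans if k == "DNS"]
    if dns_sans:
        # Once DNS SAN entries exist, the CN is no longer consulted.
        return any(_dns_match(v, target) for v in dns_sans)
    cns = [v for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    return any(_dns_match(cn, target) for cn in cns)  # legacy CN fallback

# Constructed sample certificates (names taken from the reply above).
SUBJECT = ((("commonName", "asa.cisco.com"),),)
CERT_DNS_ONLY = {"subject": SUBJECT, "subjectAltName": (("DNS", "asa.cisco.com"),)}
CERT_WITH_IP = {"subject": SUBJECT,
                "subjectAltName": (("DNS", "asa.cisco.com"), ("IP Address", "1.1.1.1"))}
CERT_CN_ONLY = {"subject": SUBJECT}

if __name__ == "__main__":
    for target in ("asa.cisco.com", "1.1.1.1"):
        for label, cert in (("DNS-only SAN", CERT_DNS_ONLY),
                            ("DNS+IP SAN", CERT_WITH_IP),
                            ("CN only", CERT_CN_ONLY)):
            print(f"{target:15} {label:13} match={server_name_matches(cert, target)}")
```
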
06-20-2015 02:17 AM
Hi Vishnu,
The DNS entry CN name are all correct. The user is connecting on name using AnyConnect.
This is working fine for all users EXCEPT for a few Mac OS users. So I do not think there is any issue with the certificate itself. I have a suspicion that it could be either a bug in AnyConnect or some setting on Mac OS, or maybe it is using old certificate information.
06-20-2015 07:11 AM
I see an exclamation mark in the certificate "Key usage" and "Basic Constraints".
I am not sure if this indicates a problem that Mac OS cannot handle and so gives a certificate error.
I am looking for a way to override this.
08-16-2021 07:54 PM
Did you ever find the fix for the above? Having the same issue with all my Mac devices.
08-16-2021 11:06 AM
What was the fix for this? I am having the same issue with AnyConnect on MacOS devices.