cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1063
Views
0
Helpful
4
Replies

Anyconnect defaults to selfsigned certificate

andy_4578
Level 1
Level 1

Were trying to set up Anyconnect ssl VPN to use certificate auth which is working although the user has to choose the certificate during the connection process rather than an automated process.

 

At the moment Anyconnect prompts during the connection process (see attached image) and defaults to a self signed cert.  the user can click on "more choices" and select the correct certificate which then allows them to connect successfully but we dont want users to have to do this.  How can we force the connection to use the correct cert?

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

based on the cert that is expired 2016, you need to get CA FQDN certificate and install, so you will not get warning.

 

Your CA should be generating Client Authentication EKU certificates to be picked by anyconnect client and used for authentication.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

The cert hasnt expired, the ASA has a trustpoint configured with a valid GoDaddy cert until 2022.  When that prompt appears (as shown in the screen shot), the user clicks on "more choices" and then selects the correct certificate which works connects successfully.

 

We dont want the users to have to select the certificate first.

I've managed to resolve.

 

The option "enable automatic certificate selection" wasn't enabled in the Anyconnect client.

Glad all working as expected..yes you need to opt that option to activate.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help