06-29-2022 11:10 AM - edited 06-30-2022 02:14 PM
Hi,
I have installed Cisco AnyConnect Secure Mobility Client 4.10.00093 on macOS Monterey 12.4. I am still getting the error "No valid certificates available for authentication". I have uploaded my client certificate to the login and system keychains.
Is there anything I should do to get the VPN client to work?
I also tried to set <AutomaticCertSelection>false</AutomaticCertSelection> to display the certificate selection dialog, but nothing happens.
Thanks,
Marek
06-30-2022 11:32 PM
07-01-2022 01:54 AM
Hi Mohammed,
thanks for your advice.
I am not asked to grant permission during installation. I am only asked to allow socket filtering extension.
Also, there is no possibility to grant access to Keychain in privacy. There is no Keychain at all.
I set "Allow all applications to access this item" for my certificate's private key, but it did not help.
Marek
09-30-2022 06:34 AM
Hi Mohammed, I have this same issue and I am following your instructions to this path: System Preferences > Security & Privacy > Privacy. I don't see anything in the Privacy tab that relates to AnyConnect. Can you explain more?
07-02-2022 12:29 PM - edited 07-02-2022 12:29 PM
Hi
I have converted the client certificate to pem/key and copied them to /Users/user/.cisco/certificates/client and /Users/user/.cisco/certificates/client/private to get the VPN working.
Still, I do not understand why the client can't load certificates from the Keychain. I also have my own root CA in the Keychain. The web browser is able to accept this root CA but AnyConnect is not. There is no error about access to the Keychain in the system log.
Marek
03-03-2023 12:13 PM
I do not see the client/private path on my machine and I am having this same issue.
The app cannot access the keychain, but I can choose the cert and it works in the web browser.
03-04-2023 08:52 AM
You need to create new ones:
mkdir -p /Users/$USER/.cisco/certificates/ca
mkdir -p /Users/$USER/.cisco/certificates/client
mkdir -p /Users/$USER/.cisco/certificates/client/private
then copy your certificates there. This worked for me. I also had to convert my client pfx certificate to pem and key.
03-08-2023 09:04 AM
I only have the files as .cer. Can I convert those? If so, how?
03-08-2023 10:52 AM - edited 03-08-2023 10:53 AM
I think there are lots of examples on the internet.
You can open your files and check if they are in DER or PEM format. If the files' content starts with something like "-----BEGIN CERTIFICATE-----" it is PEM format and you can only change their extension to .pem.
If your files are in DER, you can use for example "openssl x509 -inform der -in certificate.cer -out certificate.pem".
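The steps from the replies above (create the directories, check DER versus PEM, convert, copy) combined into one script, as an added example that is not part of any post in this thread. The function names and the `CERT_ROOT` override are assumptions of this sketch, as is placing the key file in client/private; because this workaround keeps the private key as a file instead of in the Keychain, the script restricts that directory and the key to the owner.

```shell
#!/bin/sh
# Added example, not from the thread. Directory layout is the one in the posts above.
# CERT_ROOT override and the function names are assumptions made for this sketch.
CERT_ROOT="${CERT_ROOT:-$HOME/.cisco/certificates}"

# Print "pem" if the file carries a PEM certificate header, else "der".
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    else
        echo der
    fi
}

# Create ca/, client/ and client/private/; keep private/ owner-only.
make_store() {
    ( umask 077; mkdir -p "$CERT_ROOT/ca" "$CERT_ROOT/client/private" )
    chmod 700 "$CERT_ROOT/client/private"
}

# install_cert <file> <ca|client>: parse the certificate and store it as PEM.
install_cert() {
    src=$1; kind=$2
    case $kind in
        ca|client) ;;
        *) echo "kind must be ca or client" >&2; return 2 ;;
    esac
    make_store
    name=$(basename "$src"); name=${name%.*}
    out="$CERT_ROOT/$kind/$name.pem"; tmp="$out.tmp.$$"
    # openssl must parse the input, so a non-certificate is rejected, not copied.
    if openssl x509 -inform "$(cert_format "$src")" -in "$src" -out "$tmp" 2>/dev/null; then
        mv "$tmp" "$out" && chmod 644 "$out" && echo "$out"
    else
        rm -f "$tmp"
        echo "$src: not a valid certificate" >&2
        return 1
    fi
}

# install_key <file>: copy a private key into client/private/ with mode 0600.
install_key() {
    make_store
    out="$CERT_ROOT/client/private/$(basename "$1")"
    install -m 600 "$1" "$out" && echo "$out"
}
```

Source the file, then run for example `install_cert rootCA.cer ca` and `install_cert client.cer client`; each call prints the path it wrote.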