
AnyConnect macOS No valid certificates available for authentication

mhanus
Level 1

Hi,

I have installed Cisco AnyConnect Secure Mobility Client 4.10.00093 on macOS Monterey 12.4. I am still getting the error "No valid certificates available for authentication". I have uploaded my client certificate to the login and system keychains.

Is there anything I should do to get the VPN client to work?

I also tried to set <AutomaticCertSelection>false</AutomaticCertSelection> to display the certificate selection dialog, but nothing happens.

Thanks,

Marek


Hi,

Make sure that the AnyConnect client has permission to access the keystore. (This is done from System Preferences > Security & Privacy > Privacy.) If you uninstall AnyConnect and then reinstall it, you can grant the permission.


Hi Mohammed,

thanks for your advice.

I am not asked to grant permission during installation. I am only asked to allow socket filtering extension.

Also, there is no possibility to grant access to Keychain in privacy. There is no Keychain at all.

I set "Allow all applications to access this item" for my certificate's private key, but it did not help.

Marek

Hi Mohammed, I have this same issue and I am following your instructions to this path: System Preferences > Security & Privacy > Privacy. I don't see anything in the Privacy tab that relates to AnyConnect. Can you explain more?

mhanus
Level 1

Hi

I have converted the client certificate to pem/key and copied the files to /Users/user/.cisco/certificates/client and /Users/user/.cisco/certificates/client/private to get the VPN working.

Still, I do not understand why the client can't load certificates from the Keychain. I also have my own root CA in the Keychain. The web browser is able to accept this root CA but AnyConnect is not. There is no error about access to the Keychain in the system log.

Marek

I do not see the client/private path on my machine and I am having this same issue.

The app cannot access the keychain, but I can choose the cert and it works in the web browser.

You need to create new ones:

    mkdir -p /Users/$USER/.cisco/certificates/ca
    mkdir -p /Users/$USER/.cisco/certificates/client
    mkdir -p /Users/$USER/.cisco/certificates/client/private

then copy your certificates there. This worked for me. I also had to convert my client pfx certificate to pem and key.

I only have the files as .cer. Can I convert those? If so, how?

I think there are lots of examples on the internet.

You can open your files and check if they are in DER or PEM format. If the file's content starts with something like "-----BEGIN CERTIFICATE-----", it is in PEM format and you only need to change its extension to .pem.

If your files are in DER, you can use for example "openssl x509 -inform der -in certificate.cer -out certificate.pem".
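
The workaround from the replies above (create the per-user store, check PEM versus DER, convert, copy), gathered into one script as an added example; it is not code from any poster or from Cisco. The `STORE` variable, the function names and the base file names are assumptions, and because `-nodes` writes the private key unencrypted, the script limits the key directory and key file to the owner.

```shell
#!/bin/sh
# Added example: fill the per-user PEM store used in the thread.
# STORE, the function names and the base file names are assumptions.
STORE="${STORE:-$HOME/.cisco/certificates}"

# Print "pem" if the file carries a PEM certificate header, otherwise "der".
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then echo pem; else echo der; fi
}

# Create the directory layout from the thread; only the owner may enter
# the directory that will hold the private key.
make_store() {
    mkdir -p "$STORE/ca" "$STORE/client/private"
    chmod 700 "$STORE/client/private"
}

# Install a .cer/.pem certificate as PEM, converting from DER when needed.
# $1 = source file, $2 = "ca" or "client", $3 = base name (assumption)
install_cert() {
    dest="$STORE/$2/$3.pem"
    if [ "$(cert_format "$1")" = pem ]; then
        cp "$1" "$dest"
    else
        openssl x509 -inform der -in "$1" -out "$dest"
    fi
    chmod 644 "$dest"
}

# Split a .pfx into a client certificate and a private key.
# -nodes leaves the key unencrypted, so umask 077 keeps it owner-only (0600).
# $1 = .pfx file, $2 = base name shared by certificate and key (assumption)
install_pfx() {
    (
        umask 077
        openssl pkcs12 -in "$1" -nokeys -clcerts -out "$STORE/client/$2.pem"
        openssl pkcs12 -in "$1" -nocerts -nodes -out "$STORE/client/private/$2.key"
    )
    chmod 644 "$STORE/client/$2.pem"
}

# Usage: script cert <file> <ca|client> <name>   or   script pfx <file> <name>
case "${1:-}" in
    cert) make_store; install_cert "$2" "$3" "$4" ;;
    pfx)  make_store; install_pfx "$2" "$3" ;;
esac
```

Once the key lives in a file instead of the Keychain, the file permissions are its only protection, so check them with `ls -l` after running the script.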