anyconnect with self signed certificate

mialbert
Level 1

Can you still install AnyConnect Essentials SSL VPN, on the latest clients, with a self-signed certificate?  I thought that the newer clients were doing a check for a field that only a third-party cert would have.  This is a nuisance when trying to stage a quick test environment, so I'd like to still do this with a self-signed cert if I can.

3 Replies

Marvin Rhoads
Hall of Fame

You can use self-signed certificates on the ASA for remote access SSL VPN - even with the current AnyConnect Secure Mobility Client 4.1 and ASA 9.4(1).

You may need to jump through a few more hoops (click accept and/or import certificate etc.) to make it work; but it's certainly a supported method.

Like any other feature, it can be misconfigured in ways that will make it fail.

I have attempted this with ASA 9.4(1) and Secure Mobility Client 4.1 with procedures I have used and others I have found through searches (although most procedures I found were for Client version 3.x).

I just cannot get rid of the "Certificate does not match the server name" and "Certificate is from an untrusted source".

Does anyone have a procedure that has worked with ASA 9.4(1) and client 4.1?

I found a fix for my problem.  I had to issue the following config command:

ssl cipher tlsv1.2 custom "AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA:RC4-SHA:RC4-MD5"

This is explained at:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html#51000

in the Important Notes section.
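The two warnings quoted earlier in this thread ("Certificate does not match the server name" and "Certificate is from an untrusted source") are the generic TLS client checks, and they can be reproduced with openssl on a workstation before anything is loaded onto the ASA. The script below is an added example, not something posted in this thread or shipped by Cisco: it builds a self-signed certificate whose subjectAltName matches the VPN hostname (vpn.example.test is a placeholder for the name your users type into the client) and then runs the same two checks a client performs. It says nothing about the cipher change described in the last reply; it only covers trust and name matching. Whether the ASA generates the self-signed trustpoint itself or you import one, the name in the certificate has to match the name the client connects to, or the first warning will stay no matter what you accept or import.

```shell
#!/usr/bin/env sh
# Added example (not from the Cisco Community thread): create a self-signed
# server certificate with a SAN matching the VPN hostname, then reproduce the
# "name mismatch" and "untrusted source" checks with openssl verify.
# vpn.example.test is a placeholder hostname (assumption).
set -eu

VPN_HOST="vpn.example.test"      # assumption: the FQDN users enter in AnyConnect
WORKDIR="$(mktemp -d)"
KEY="$WORKDIR/vpn.key"
CERT="$WORKDIR/vpn.crt"

# Generate a 2048-bit RSA key and a 30-day self-signed cert whose CN *and*
# subjectAltName carry the hostname. Clients match the server name against
# the SAN, so a CN-only certificate is not enough on current clients.
gen_self_signed() {
  host="$1"; key="$2"; cert="$3"
  cat > "$WORKDIR/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = $host
[v3_req]
subjectAltName = DNS:$host
extendedKeyUsage = serverAuth
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -keyout "$key" -out "$cert" -config "$WORKDIR/san.cnf" >/dev/null 2>&1
}

# Check 1: with the self-signed cert explicitly trusted (the equivalent of the
# user having imported/accepted it), does it verify for the given hostname?
# Returns 0 when openssl reports "<file>: OK", 1 otherwise.
verify_trusted() {
  cert="$1"; host="$2"
  openssl verify -CAfile "$cert" -verify_hostname "$host" "$cert" 2>&1 | grep -q ': OK$'
}

# Check 2: the same certificate against the system trust store only. A
# self-signed cert is not in there, so this is the "untrusted source" case.
verify_untrusted_store() {
  cert="$1"; host="$2"
  openssl verify -verify_hostname "$host" "$cert" 2>&1 | grep -q ': OK$'
}

# Stand-alone demonstration of the three outcomes.
gen_self_signed "$VPN_HOST" "$KEY" "$CERT"
if verify_trusted "$CERT" "$VPN_HOST"; then
  echo "trusted + name matches: no client warning expected"
fi
verify_trusted "$CERT" "other.example.test" \
  || echo "name mismatch: 'Certificate does not match the server name'"
verify_untrusted_store "$CERT" "$VPN_HOST" \
  || echo "not in trust store: 'Certificate is from an untrusted source'"
```

The first warning disappears only when the hostname the client uses appears in the certificate's SAN; the second disappears only when the client trusts the certificate (imported, or accepted through the client's prompt, as the first reply describes). Connecting by IP address instead of name will trip the first check unless the IP itself is listed as an IP SAN.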