Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3452
Views
0
Helpful
0
Replies

Anyconnect - Your Certificate is invalid for the selected group - Cisco ASA 5510

Darren Lapierre
Level 4
Level 4

‎02-01-2013 09:36 AM - edited ‎02-21-2020 06:40 PM

Good morning,

So I have been struggling with this one for a little while now. I am hoping someone on these board could possibly point out what I am missing here.

I have a Cisco ASA 5510 and am looking to deploy Anyconnect. I had everything working with a self-signed cert, but once I moved to a signed SSL cert (godaddy), things seemed to stop working.

The cert itself works fine, but I keep getting this error in the Anyconnect client: "Your certificate is invalide for the selected group". It seemeds to me that the my SSL group doesnt have permissions to authenticate? I am unsure.

My users are using AAA, which is pointing to my AD. The AD is working fine (I can SSH into the FW using AD authent).

I also seem to not be able to figure out which debug command would show me perhaps the 'point of failure' in the anyconnect ssl client connection. Which would be the best command to use in this case?

I went through so many forums, and I just seem to be missing something. Can anyone point me in a direction that I need to go? If there is anything else someone requires, please do not hesitate to let me know.

Thanks,

Darren

1 person had this problem
Labels:
142518-cisco-asa-sho-run-scrubbed.txt.zip
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents