I ran into this exact same

dchew · ‎11-05-2013

We are receiving a "certificate validation failure" when checking for a machine certificate to authenticate to VPN.

The have the client and profile working find on various window version including win 8, but when we started deploying it on Win 8.1 we are receiving the certificate failure.

Anyone know how to debug certificate validation failures? Are there any compability issue or bugs with Win 8.1 and machine certificate checks.

We are running Cisco AnyConnect v3.1.03103.

In the AnyConnect Connection Profile we have AAA (Radius) and Certificate selected as the authentication method. We also have some certificate matching parameters enable on the anyconnect client profile.

Please help.

Thanks,

rahulkataria · ‎02-24-2014

Did you get any solution? I would appreciate if you could share it.

thanks

rstaats · ‎05-28-2014

I ran into this exact same issue. Using both AAA and Certificate authentication the Windows 7 machines worked just fine. But once my customer started using Windows 8.1 those systems would fail to connect with the error message "Certificate Validation Failure".

TAC discovered that the following encryption types were missing from the ASA. These had probably been removed from the config long ago and never caused an issue until they started rolling out Windows 8.1.

Adding the following command to the ASA resolved the issue:

ssl encryption aes256-sha1 aes128-sha1 3des-sha1 rc4-sha1 rc4-md5

Certificate failure on Windows 8.1