My company uses the Cisco AnyConnect VPN which needs to be connected for me to access most of our internal systems. However, today it stopped working completely and gives me the error message "Certificate Validation Failure."
I'm on Mac OS Catalina. I think this has something to do with the "keychain access" thing. Last night I was having issues downloading and installing something completely unrelated...it was asking me for my keychain password which I've never set or at least don't know what it is. So I was attempting to find out how where that's located and if I can reset it. My digging around may have broken something since it seems "keychains" and "certifications" are related. I don't know for sure but I think this is relevant to share because the VPN stopped working this morning right after trying to install that other app.
My company has our own App store. I tried uninstalling the anyconnect app in there, then re-installing. That didn't work. Reading some of these discussion posts and googling the error, everything is very technical and geared toward developers or enterprise users it seems. I'm non-technical working in a line of business, just using this VPN on my laptop for my individual remote access to our systems.
Please any help would be so appreciated! I can't get anything done until I fix this. Our tech support is so difficult to get in touch with especially during this time, and I'm really unsure if this is a Mac issue, Cisco issue, my company issue...all of which have different hotlines to call. Having spent all day doing that I got just about nowhere. Thank you
From what you describe, there is a 90% + chance that the problem is local to your computer.
Try browsing to the VPN address using Safari and see if your browser also gives a warning about the certificate. Both remote access SSL VPN and the portal for the service (as seen in the browser) present the same certificate to users.
By default the address is in the AnyConnect client GUI. If you organization has overriden that default to put something else in the list then the actual location is still stored in the profile. On MacOS, the profile is stored in /opt/cisco/anyconnect/profile. There will be an xml file there with a section like this:
<ServerList> <HostEntry> <HostName>(user-friendly name)</HostName> <HostAddress>(actual server FQDN or address)</HostAddress> </HostEntry> </ServerList>