cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
8921
Views
0
Helpful
4
Replies
krs4keshara
Beginner

Cisco anyconnect 3.1 - Certificate Validation Failure.

When i try to start a SSL VPN connection to the ASA(8.4) with anyconnect 3.1, Cisco anyconnect receives a message saying "No Valid Certificates Available for Authentication".

Prior to the test;

     On the ASA, i have obtain CA certificate and its identity certificate. (Both certificates obtain from windows 2008 CA).

          * ASA identity certificate's have EKU attribute = Server Authentication,   Key Usage = Digital Signature, Key Encipherment.

     On the PC in which anyconnect installed, i have obtain User Certificate (this User certificate also obtain from the same windows 2008 CA)

          * Prior to obtaining User certificate from the windows2008 CA, ASA acts as a SCEP proxy onbehalf of the client PC.

          * User Certificate's has EKU attribute = Client Authentication.

As in the ASDM Logs, it almost work.

     asdm log.png

In days of troubleshooting, i still could not find the cause of this problem. Error message as appeared on anyconnect;

     anyconnect3.1 error.PNG

Is there anyone could help.???

Keshara from Sri Lanka.

4 REPLIES 4
robwalsh
Beginner

Just run into this as well. We have CRL checking turned on. Turned out to be the CRL server was down. But that was the same message I got when the client wouldn't connect. 

AshT
Beginner

Have you solved it?

Hello,

I'm using Anyconnect with a Machine certificate to autheticate : it works with Windows PC (having xml profile in C:\ProgramData\Cisco\Anyconnect\Profile ) but not with Mac OS (with same xml file in /opt/cisco/anyconnect/profile).

With Mac OS : "Certificate validation failure" message pops up when trying to connect !

In Anyconnect messages : "No valid certificates available for authentication"

It seems like the certificate is not found on the Mac.

Do you know if there is differences in the XML file between a Mac from a Windows PC ?

Thanks for your help,

Can you share xml file ?
Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE Demo (100%)

Content for Community-Ad