12-27-2013 10:46 AM - edited 02-21-2020 07:24 PM
When i try to start a SSL VPN connection to the ASA(8.4) with anyconnect 3.1, Cisco anyconnect receives a message saying "No Valid Certificates Available for Authentication".
Prior to the test;
On the ASA, i have obtain CA certificate and its identity certificate. (Both certificates obtain from windows 2008 CA).
* ASA identity certificate's have EKU attribute = Server Authentication, Key Usage = Digital Signature, Key Encipherment.
On the PC in which anyconnect installed, i have obtain User Certificate (this User certificate also obtain from the same windows 2008 CA)
* Prior to obtaining User certificate from the windows2008 CA, ASA acts as a SCEP proxy onbehalf of the client PC.
* User Certificate's has EKU attribute = Client Authentication.
As in the ASDM Logs, it almost work.
In days of troubleshooting, i still could not find the cause of this problem. Error message as appeared on anyconnect;
Is there anyone could help.???
Keshara from Sri Lanka.
08-24-2014 08:12 PM
Just run into this as well. We have CRL checking turned on. Turned out to be the CRL server was down. But that was the same message I got when the client wouldn't connect.
09-05-2017 02:20 PM
Have you solved it?
09-21-2017 02:24 AM
Hello,
I'm using Anyconnect with a Machine certificate to autheticate : it works with Windows PC (having xml profile in C:\ProgramData\Cisco\Anyconnect\Profile ) but not with Mac OS (with same xml file in /opt/cisco/anyconnect/profile).
With Mac OS : "Certificate validation failure" message pops up when trying to connect !
In Anyconnect messages : "No valid certificates available for authentication"
It seems like the certificate is not found on the Mac.
Do you know if there is differences in the XML file between a Mac from a Windows PC ?
Thanks for your help,
09-21-2017 02:32 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide