Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9778
Views
0
Helpful
4
Replies

Cisco anyconnect 3.1 - Certificate Validation Failure.

krs4keshara
Level 1
Level 1

‎12-27-2013 10:46 AM - edited ‎02-21-2020 07:24 PM

When i try to start a SSL VPN connection to the ASA(8.4) with anyconnect 3.1, Cisco anyconnect receives a message saying "No Valid Certificates Available for Authentication".

Prior to the test;

     On the ASA, i have obtain CA certificate and its identity certificate. (Both certificates obtain from windows 2008 CA).

          * ASA identity certificate's have EKU attribute = Server Authentication,   Key Usage = Digital Signature, Key Encipherment.

     On the PC in which anyconnect installed, i have obtain User Certificate (this User certificate also obtain from the same windows 2008 CA)

          * Prior to obtaining User certificate from the windows2008 CA, ASA acts as a SCEP proxy onbehalf of the client PC.

          * User Certificate's has EKU attribute = Client Authentication.

As in the ASDM Logs, it almost work.

     asdm log.png

In days of troubleshooting, i still could not find the cause of this problem. Error message as appeared on anyconnect;

     anyconnect3.1 error.PNG

Is there anyone could help.???

Keshara from Sri Lanka.

2 people had this problem
Labels:
0 Helpful
4 Replies 4

robwalsh
Level 1
Level 1

‎08-24-2014 08:12 PM

Just run into this as well. We have CRL checking turned on. Turned out to be the CRL server was down. But that was the same message I got when the client wouldn't connect. 

0 Helpful

AshT
Level 1
Level 1

‎09-05-2017 02:20 PM

Have you solved it?

0 Helpful

0PfkIRUO8VELFU
Level 1
Level 1
In response to AshT

‎09-21-2017 02:24 AM

Hello,

I'm using Anyconnect with a Machine certificate to autheticate : it works with Windows PC (having xml profile in C:\ProgramData\Cisco\Anyconnect\Profile ) but not with Mac OS (with same xml file in /opt/cisco/anyconnect/profile).

With Mac OS : "Certificate validation failure" message pops up when trying to connect !

In Anyconnect messages : "No valid certificates available for authentication"

It seems like the certificate is not found on the Mac.

Do you know if there is differences in the XML file between a Mac from a Windows PC ?

Thanks for your help,

0 Helpful

AshT
Level 1
Level 1
In response to 0PfkIRUO8VELFU

‎09-21-2017 02:32 AM

Can you share xml file ?
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents