Hi, I have a question regarding Cisco AnyConnect Secure Mobility Client, version 3.1.00495. Installed on W7 Enterprise 32-bit.
It's working fine, but I notice when I first use it I am prompted by "Certificate Blocked Error Dialog", visible on this link as Figure 3.
The dialog box says "Untrusted VPN Server!" with the option to "Change Setting" or "Keep Me Safe". If you click Change Setting you can then uncheck "Block connections to untrusted servers" etc and connect then. Once the connection is successful you are not prompted again about this.
I am wondering, if I'm deploying this software to many users, how can I avoid this pop-up appearing for them all, to make the process as seamless as possible? Is there something I can do to pre-stage these settings somewhere, etc.?
Thanks in advance.
Yep, the trial flag is in there, so the browser will not consider it as a trusted certificate unless you install the CA in the machine.
I'm using an internal Root CA (Microsoft AD) and my computers are also part of the domain and they trust the Root CA. I've imported the Root CA into ASA and applied a certificate into the Identity Certificate Store... even so we keep getting this warning.
Did you get this sorted? As I'm having the same issues but only on Android and Linux Ubuntu devices. I've tested on Windows, Mac, iOS - all seem to have no issues, but Android and Linux don't see the certificate as being legit and should be trusted. I've now tested with certificates from 2 CAs - AusCERT and Thawte SSL CA.
Yes, this is getting silly, we have a valid Entrust cert where the SAN matches DNS and CN and it's applied to the ASA. The AnyConnect client errors only from IOS and Windows 8. Windows IE to the ASA shows a valid cert and its AnyConnect does not error.
Opened a case on this as I'm guessing it requires more than one cert for IOS and Win8 from Entrust 2048.
I will post the results.
I had this issue and I opened a ticket. It took 3 days and still didn't find an answer for my case, until I thought about changing something in the AnyConnect Client profile. As long as you have a valid cert and everything is matching correctly.
My solution was:
The server is seeing the connection as an IP address when it is expecting a URL address. Therefore, it is blocking it. When you edit the server list to match the URL of the cert, then it will allow it.
Try the following steps,
(( *.example.com )) and it should match any URL you give
Qousai Edelbi CCNP,CCDA
Lead Network Security Administrator
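The name check behind the fix above, as an added example that is not part of the original thread or Cisco's code: it reads the server list from a constructed AnyConnect-style profile fragment and tests each HostAddress against a constructed certificate SAN list using standard TLS name-matching rules (a wildcard covers exactly one left-most label; an IP address only matches an IP SAN). The profile contents, addresses and SAN values are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: server list entries as they might appear in a client profile.
PROFILE_XML = """<AnyConnectProfile><ServerList>
  <HostEntry><HostName>HQ by IP</HostName><HostAddress>203.0.113.10</HostAddress></HostEntry>
  <HostEntry><HostName>HQ by name</HostName><HostAddress>vpn.example.com</HostAddress></HostEntry>
  <HostEntry><HostName>Nested</HostName><HostAddress>a.b.example.com</HostAddress></HostEntry>
</ServerList></AnyConnectProfile>"""

# Constructed SAN list in the (type, value) form Python's ssl.getpeercert() uses.
CERT_SANS = [("DNS", "*.example.com")]

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_match(pattern, host):
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]   # reject "*.com"-style patterns
    return p == h

def target_matches(target, sans):
    if is_ip(target):
        # An IP target is only satisfied by an IP SAN, never by a DNS name.
        want = ipaddress.ip_address(target)
        return any(k == "IP Address" and ipaddress.ip_address(v) == want
                   for k, v in sans)
    return any(k == "DNS" and dns_match(v, target) for k, v in sans)

def audit_profile(xml_text, sans):
    """Map each HostAddress in the profile to True/False (name covered by cert)."""
    result = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.split("}")[-1] == "HostAddress" and el.text:  # namespace-agnostic
            addr = el.text.strip()
            result[addr] = target_matches(addr, sans)
    return result

if __name__ == "__main__":
    for addr, ok in audit_profile(PROFILE_XML, CERT_SANS).items():
        print(f"{addr:20} {'matches certificate' if ok else 'NAME MISMATCH'}")
```

Entries reported as a mismatch are the ones to change to a name the certificate actually covers before the profile is deployed.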
Hi Qousai Edelbi
I use a valid certificate from StartSSL.com and got this error message despite this fact. Actually everything should work but I got this ugly error until I followed your steps. Now the error message is gone. Thank you for posting your solution.