cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
101614
Views
54
Helpful
28
Replies
liambreathnach
Beginner

Cisco AnyConnect - removing Certificate Blocked Error Dialog

Hi, I have a question regardging Cisco Anyconnect Secure Mobility Client, version 3.1.00495. Installed on W7 Enterprise 32-bit.

It's working fine, but I notice when I first use it I am prompted by "Certificate Blocked Error Dialog", visible on this link as Figure 3.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html

The dialog box says "Untrusted VPN Server!" with the option to "Change Setting" or "Keep Me Safe". If you click Change Setting you can then uncheck "Block connections to untrusted servers" etc and connect then. Once the connection is successful you are not prompted again about this.

I am wondering if I'm deploying this software to many users, how can avoid this pop-up from appearing from for them all, to make the process as seamless as possible? Is there something I can do to pre-stage these settings somewhere? etc?

Thanks in advance?

28 REPLIES 28

Intermediate Cert:

Identity Cert

Thanks

Yeahp, the trial flag is in there, so the browser will not consider it as a trusted certificate unless you install the CA in the machine.

Thanks.

I've installed the root and intermediate certs but same thing.

where exactly does the client search for the certs?

Thanks.

What if you try through the Web browser?

Thanks in advance.

What about the CN on the identity cert of the ASA?  Is the outside IP or the DNS name associated to the IP?

Thanks.

CN is the DNS name.

I've tried through the Web browser but same warning.

Thanks.

Please attach.

Thanks.

what would like me to attach?

Thanks.

Hi Javier,

I'm using an internal Root CA(Microsoft AD) and my computers are also part of the domain and they trust the Root CA. I've imported the Root CA into ASA and applied a certificate into the Identity Certificate Store... even so We're keep getting this warning.

Please help

Regards,

AM 

Sasha Tchepourko
Beginner

Guys,

Did you get this sorted? As I'm having the same issues but only on Android and Linux Ubuntu devices. I've tested on Windows, Mac, iOS - all seem to have no issues, but android and linux don't see the certificate as being legit and should be trusted. I've now tested with certificates from 2 CAs - AusCERT and Thawte SSL CA.

Yes this is getting silly, we have a valid Entrust cert where the SAN matches DNS and CN and it's applied to the ASA. The Anyconnect client errors only from IOS and Windows 8. Windows IE to the ASA shows a valid cert and its' Anyconnect does not error.

Opened a case on this as I'm guessing it requires more than one cert for IOS and Win8 from Entrust 2048

I will post the results

Bob James

@bjames@snetworks.com

I had this issue and I open a ticket. It took 3 days and still didn't find an answer for my case. However, until I thought about changing something at Anyconnect Client profile. As long you have a vaild cert and everything is matching correctly

My Solution was:

The Server is seeing the connection as IP address when it is expecting URL address. Therefore, it is blocking it. When you edit the server list to match the URL of Cert, then It will allow it

Try the following steps,

1.  Click on Anyconnect Client profile

2.  Edit Anyconnect_Group profile

3.  Edit Server list

4. Add or Edit the hostname (You will see IP address, however, your cert is URL address ) So you have to add it or delete the IP address and keep URL )

5. Host display: Remote.exmaple.com and FQDN: Remote.example.com

** Your cert that you applied for the interface must match the URL otherwise it won't work. So you can make your Cert

(( *.example.com )) and it should match any URL you give



Qousai Edelbi
CCNP,CCDA
Lead Network Security Administrator

Hi Qousai Edelbi

I use a valid certificate from StartSSL.com and got this error message despite of this fact. Actually everything should work but I got this ugliy error until I followed your steps. Now the error message is gone. Thank you for posting your solution.

Beste Regards

Marco

Alcides Miguel
Beginner

Hi Liambreathnach,

 

Did you resolved this issue? if yes how? can you tell me the procedure?

 

best regards,

AM

Content for Community-Ad