Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
728
Views
0
Helpful
1
Replies

Code Signing certificates - AnyConnect Client

anand_rahul13
Level 1
Level 1

‎11-22-2016 05:42 PM - edited ‎02-21-2020 09:03 PM

Hi All,

I came across this article where Microsoft is saying that they will not be supporting AnyConnect clients signed with SHA-1.

Cisco has recommended to upgrade to AnyConnect release 3.1.13015, the future version of AnyConnect 4.2 MR, or AnyConnect 4.3+ releases in order to keep their AnyConnect functional on Windows platforms after January 1, 2017  .

"Microsoft No Longer Supporting SHA-1—A secure gateway with a SHA-1 certificate or a certificate with SHA-1 intermediate certificates is considered valid by a Windows endpoint until January 2017.

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html

My question is that we are using AnyConnect Client version - anyconnect-win-3.1.14018-k9, as this is the latest versiuon available on Cisco.com site.

Is this AnyConnect Client is Code signed by SHA-2 or SHA-1?

Does this client is going to have issue after Jan1, 2017?

Thanks in advance.

Labels:
0 Helpful
1 Reply 1

JP Miranda Z
Cisco Employee
Cisco Employee

‎11-22-2016 08:29 PM

Hi anand_rahul13,

As per the documentation the latest AnyConnect version should not have any issue after Jan1 2017:

Cisco has recommended to upgrade to AnyConnect release 3.1.13015, the future version of AnyConnect 4.2 MR, or AnyConnect 4.3+ releases in order to keep their AnyConnect functional on Windows platforms after January 1, 2017 

There is already an EOL and EOS:

http://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/eos-eol-notice-c51-734084.html

Which does not means is going to be end of support so you should be able to stay on AnyConnect 3.1.14018 without any problem.

Hope this info helps!!

Rate if helps you!! 

-JP-

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents