Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
916
Views
0
Helpful
1
Replies

DART on Anyconnect Certificate issue

WonderfulIT
Level 1
Level 1

‎05-30-2019 08:06 AM - edited ‎05-30-2019 08:12 AM

Hi all,

 

I've just configured Anyconnect on an ISR4431 and when i go to connect it shows as failed as "no valid certificates available for authentication" but i'm struggling to find where in the DART package it will tell me why ? There seems to be a lot of information here but i've not used DART before so unsure which part to check ?

When i first tried to connect FYI it says Certificate does not match the server name and is from an untrusted source however it DOES match the name and i've imported it into the local PC cert store.

 

If someone could advise ?

 

Thanks

 

Ian

Labels:
0 Helpful
1 Reply 1

Pablo
Cisco Employee
Cisco Employee

‎06-03-2019 11:05 PM

That error message can be misleading sometimes, a couple of important things to check:

 

The cert can’t be self-signed, it must be issued by a public or private CA.

 

The cert’s subject name needs to match exactly what you defined in your XML profile <HostAddress>vpn.blah.com</HostAddress>

 

If the IOS-XE running is older than 16.9.1, make sure you set the BypassDownloader to ‘true’ on your profile.

 

IOS-XE FlexVPN with Anyconnect

 

 

0 Helpful
Customers Also Viewed These Support Documents