DART on AnyConnect Certificate issue

WonderfulIT
Level 1

Hi all,

 

I've just configured AnyConnect on an ISR4431, and when I go to connect it shows as failed as "no valid certificates available for authentication", but I'm struggling to find where in the DART package it will tell me why. There seems to be a lot of information here, but I've not used DART before, so I'm unsure which part to check.

When I first tried to connect, FYI, it says Certificate does not match the server name and is from an untrusted source; however, it DOES match the name and I've imported it into the local PC cert store.

 

If someone could advise?

 

Thanks

 

Ian

1 Reply

Pablo
Cisco Employee

That error message can be misleading sometimes; a couple of important things to check:

 

The cert can’t be self-signed, it must be issued by a public or private CA.

 

The cert’s subject name needs to match exactly what you defined in your XML profile <HostAddress>vpn.blah.com</HostAddress>

 

If the IOS-XE running is older than 16.9.1, make sure you set the BypassDownloader to ‘true’ on your profile.

 

IOS-XE FlexVPN with Anyconnect
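
The three checks from the reply above, run against a profile in one pass. This is an added example, not part of the original thread or any Cisco tooling. The sample profile is constructed, `check_profile` is a hypothetical helper, and the certificate fields are assumed to be copied by hand from the gateway certificate.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample profile; host name and values are placeholders.
SAMPLE_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <BypassDownloader>false</BypassDownloader>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>Lab VPN</HostName>
      <HostAddress>vpn.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""


def _values(root, name):
    # Match on the local name so the lookup works with or without a namespace.
    return [(e.text or "").strip() for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == name]


def check_profile(profile_xml, cert_subject, cert_issuer, cert_names, iosxe_version):
    """Return a list of findings for the three checks listed in the reply.

    cert_subject / cert_issuer: DN strings of the gateway certificate.
    cert_names: its CN plus any subjectAltName DNS entries.
    iosxe_version: release string such as "16.6.4" or "17.3.1a".
    """
    root = ET.fromstring(profile_xml)
    findings = []
    # Heuristic: subject == issuer indicates a self-signed certificate.
    if cert_subject.strip().lower() == cert_issuer.strip().lower():
        findings.append("certificate is self-signed (subject equals issuer)")
    # Exact match only (case-insensitive); wildcards are not expanded here.
    names = {n.strip().lower() for n in cert_names}
    for host in _values(root, "HostAddress"):
        if host.lower() not in names:
            findings.append(f"HostAddress {host!r} does not match any certificate name")
    version = tuple(int(p) for p in re.findall(r"\d+", iosxe_version)[:3])
    bypass = _values(root, "BypassDownloader")
    if version < (16, 9, 1) and not (bypass and all(v.lower() == "true" for v in bypass)):
        findings.append("IOS-XE older than 16.9.1 but BypassDownloader is not 'true'")
    return findings


if __name__ == "__main__":
    for f in check_profile(SAMPLE_PROFILE, "CN=vpn.example.com",
                           "CN=vpn.example.com", ["vpn.example.com"], "16.6.4"):
        print("FINDING:", f)
```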