cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
867
Views
0
Helpful
3
Replies

FTD VPN machine certificate based authentication.

Matt Cole
Level 1
Level 1

Hi,

Has any one had success with FTD machine certificate based authentication?  I have user certificate based authentication working  but I cannot get machine certificate based authentication to work.  The same Microsoft CA signs both the user and machine certificate.  when I launch anyconnect I get prompted for a certificate to choose and If I select the user certificate it works.  If i chose the computer/machine certificate it fails.  Certificate validation failure. 

3 Replies 3

Hi,

If the user is not an administrator they do not have acces to the machine certificate store, only the user certificate store. You can use the Certificate Store Override option, which allows AnyConnect to access the machine certificate store.

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/administration/guide/b_AnyConnect_Administrator_Guide_4-9/configure_vpn.html

 

HTH

 

 

User has access to machine certificate store as I can select it.

I assumed since I could select the certificate anyconnect client had full access.  Running the anyconnect client as administrator allowed the computer certificate to work.

Certificate Store Override setting is ticked however it still doesnt work without running the client as administrator.

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: