Re: Getting error -no valid certificates available for authentication - When connecting anyconncet

harmesh88 · ‎08-08-2020

I am able to connect it successfully but why this error msg coming that i dont know

Actually In MY setup FTD 2110 with ASA and created Two Context

(ASA Firmware -ASA Version 9.12(3)12) Anyconnect Version :- 4.8.03052

IN Context A i am able to connect anyconnect without this error msg

In Context B i am able to connect anyconncet and getting this error msg

I have installed 3rd party certificate for SSL VPN which get from digicert

I need help to solve this issue

For reference purpose i have attached error screenshot with this

Regards,

Harmesh Yadav

Rob Ingram · ‎08-08-2020

Hi,
Does the client computer have a certificate issued from the same CA that Context A ASA does?
And is this CA is different from Context B ASA?

harmesh88 · ‎08-08-2020

both context having same wildcard certificate installed which is purchased from digicert .

harmesh88 · ‎08-08-2020

both context having same wildcard certificate installed which is purchased from digicert .

harmesh88 · ‎08-10-2020

Dear Team,

We are waiting for your reply

Marvin Rhoads · ‎08-10-2020

@Rob Ingram was asking about the CLIENT certificate.

The error you are getting is indicative of the VPN connection profile requiring the client to use a certificate for authentication and not finding a valid certificate to authenticate

harmesh88 · ‎08-13-2020

Hi,

Please help me to remove this error

i have checked configuration for both context that is showing same so why i am getting error in one context and not in other context

can you please let me know what configuration need to check for this error?

Actually i have not configured authentication for anyconnect profile .

Regards,

Harmesh Yadav

Marvin Rhoads · ‎08-14-2020

You need to establish an authentication method. Until you do that, you may get unhelpful errors as the connection will try various defaults which may not be appropriate for what you want.

harmesh88 · ‎08-15-2020

Actually its working properly

For authentication i have configured Radius authentication .- radius authentication Requesting to ISE --> ISE have active directory integrated . Already .

and its working properly for both context

So i dont have problem for authentication and user can access destination which we have defined .

So all configuration is working properly - But i am getting this error when i trying to connect - But after that use able to connect and use given resources

My main question is that We did same type of configuration in both Context

Still we are getting error in one context and not in other why it so .

Regards,

Harmesh Yadav

Marvin Rhoads · ‎08-15-2020

Is it a wildcard certificate?

Do both contexts' interface addresses to which you connect to have a resolvable FQDN that matches the certificate?

harmesh88 · ‎08-15-2020

Yes i have installed wildcard certificate for SSL VPN URL

but actually what configuration i need to change to remove this error that i am not getting

Regards,

Harmesh Yadav

Marvin Rhoads · ‎08-16-2020

Could you answer my earlier question?

"Do both contexts' interface addresses to which you connect to have a resolvable FQDN that matches the certificate?"

harmesh88 · ‎08-16-2020

Yes

FQDN is resolvable for both Interface address for each context .

Each context has separate wan address and interface, FQDN also different but last domian is maching with wildcard certificate.

Regards,

Harmesh Yadav