
Getting error - no valid certificates available for authentication - when connecting AnyConnect

I am able to connect successfully, but I don't know why this error message is appearing.

In my setup there is an FTD 2110 with ASA, and I have created two contexts.

(ASA firmware: ASA Version 9.12(3)12) AnyConnect version: 4.8.03052

In Context A I am able to connect AnyConnect without this error message.

In Context B I am able to connect AnyConnect, but I get this error message.

I have installed a third-party certificate for SSL VPN, which I got from DigiCert.

I need help to solve this issue.

For reference, I have attached a screenshot of the error.

 

Regards,

Harmesh Yadav

 


Hi,
Does the client computer have a certificate issued from the same CA that Context A ASA does?
And is this CA different from the Context B ASA?
Both contexts have the same wildcard certificate installed, which was purchased from DigiCert.


Dear Team,

 

We are waiting for your reply 


@Rob Ingram was asking about the CLIENT certificate.

The error you are getting is indicative of the VPN connection profile requiring the client to use a certificate for authentication and not finding a valid certificate to authenticate.


Hi,

 

Please help me to remove this error.

I have checked the configuration for both contexts and it shows the same, so why am I getting the error in one context and not in the other?

Can you please let me know what configuration I need to check for this error?

Actually, I have not configured authentication for the AnyConnect profile.

 

Regards,

Harmesh Yadav


You need to establish an authentication method. Until you do that, you may get unhelpful errors as the connection will try various defaults which may not be appropriate for what you want.


Actually, it's working properly.

For authentication I have configured RADIUS authentication: the RADIUS authentication requests go to ISE, and ISE already has Active Directory integrated.

It's working properly for both contexts.

So I don't have a problem with authentication, and users can access the destinations we have defined.

So all the configuration is working properly, but I get this error when I try to connect. After that, the user is able to connect and use the given resources.

My main question is that we did the same type of configuration in both contexts.

Still, we are getting the error in one context and not in the other. Why is that so?

 

Regards,

Harmesh Yadav

 

 

 


Is it a wildcard certificate?

Do both contexts' interface addresses to which you connect have a resolvable FQDN that matches the certificate?


Yes, I have installed a wildcard certificate for the SSL VPN URL.

But I don't understand what configuration I need to change to remove this error.

 

Regards,

Harmesh Yadav

 


Could you answer my earlier question?

"Do both contexts' interface addresses to which you connect have a resolvable FQDN that matches the certificate?"


Yes.

The FQDN is resolvable for the interface address of each context.

Each context has a separate WAN address and interface. The FQDNs are also different, but the domain at the end matches the wildcard certificate.

 

Regards,

Harmesh Yadav
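
One way to compare the two contexts for the condition described in the reply above (a connection profile asking the client for a certificate), as an added example that is not part of the thread and not Cisco's code: the Python below parses `show running-config tunnel-group` output from each context and lists the tunnel groups whose `webvpn-attributes` authentication includes a certificate method. The config excerpts and the names VPN-A, VPN-B and ISE are constructed, and a group with no `authentication` line is assumed to use the ASA default of `aaa`.

```python
import re

# Constructed running-config excerpts, one per context (not from the thread).
CONTEXT_A = """\
tunnel-group VPN-A type remote-access
tunnel-group VPN-A general-attributes
 authentication-server-group ISE
tunnel-group VPN-A webvpn-attributes
 group-alias VPN-A enable
"""
CONTEXT_B = """\
tunnel-group VPN-B type remote-access
tunnel-group VPN-B general-attributes
 authentication-server-group ISE
tunnel-group VPN-B webvpn-attributes
 authentication aaa certificate
 group-alias VPN-B enable
"""

def webvpn_auth_methods(config):
    """Map each tunnel-group to its webvpn-attributes authentication methods."""
    methods = {}
    current = None  # group whose webvpn-attributes block is being read
    for line in config.splitlines():
        header = re.match(r"tunnel-group (\S+) (\S+)", line)
        if header:
            name, section = header.groups()
            # Assumption: the default method (aaa) is not shown in the config.
            methods.setdefault(name, ["aaa"])
            current = name if section == "webvpn-attributes" else None
            continue
        if not line.startswith(" "):
            current = None  # left the indented sub-mode
        auth = re.match(r" authentication (.+)", line)
        if current and auth:
            methods[current] = auth.group(1).split()
    return methods

def groups_requesting_client_cert(config):
    """Tunnel groups whose authentication includes any certificate method."""
    return sorted(group for group, m in webvpn_auth_methods(config).items()
                  if any("certificate" in method for method in m))

if __name__ == "__main__":
    for label, cfg in (("Context A", CONTEXT_A), ("Context B", CONTEXT_B)):
        print(label, groups_requesting_client_cert(cfg) or "no certificate auth")
```
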