02-27-2019 08:12 AM - edited 02-21-2020 09:34 PM
We use the ASA as a CA for some client certs as 2FA when needed. Now that iOS 12 requires the new AnyConnect (non-legacy) client, we find it will no longer install these certs. I've even exported the cert from the ASA and manually installed it in the keychain, but AnyConnect refuses to find/acknowledge it.
I've read that the SHA1-only certs that ASAs produce could be the problem. Does anyone have a workaround?
02-27-2019 07:47 PM
02-28-2019 03:49 AM
Guidelines and Limitations
So while that is an ideal suggestion, in practice my question still remains unanswered.
02-28-2019 05:34 AM
I don't know if there is any easy way around it. I do not think SHA2 certs have been implemented on the ASA as local CA yet.
Have you tried the workaround provided by the user in this thread:
02-28-2019 07:06 AM
Unfortunately, the enhancement bug for SHA2 local CA certs has not yet been fixed:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux74639