We use the ASA as a CA for some client certs as 2FA when needed. Now that iOS 12 requires the new AnyConnect (non-legacy) client, we find it will no longer install these certs. I've even exported the cert from the ASA and manually installed it in the keychain, but AnyConnect refuses to find/acknowledge it.
I've read that the SHA1-only certs that ASAs produce could be the problem. Does anyone have a workaround?
Guidelines and Limitations
So while that is an ideal suggestion, in practice my question still remains unanswered.
I don't know if there is any easy way around it. I do not think SHA2 certs have been implemented on the ASA as a local CA yet.
Have you tried the workaround provided by the user in this thread:
Unfortunately, the enhancement bug for SHA2 local CA certs has not yet been fixed: