02-27-2019 08:12 AM - edited 02-21-2020 09:34 PM
We use the ASA as a CA for some client certs as 2FA when needed. Now that iOS 12 requires the new AnyConnect (non-legacy) client, we find it will no longer install these certs. I've even exported the cert from the ASA and manually installed it in the keychain, but AnyConnect refuses to find/acknowledge it.
I've read that the SHA1-only certs that ASAs produce could be the problem. Does anyone have a workaround?
02-27-2019 07:47 PM
02-28-2019 03:49 AM
Guidelines and Limitations
So while that is an ideal suggestion, in practice my question still remains unanswered.
02-28-2019 05:34 AM
I don't know if there is any easy way around it. I do not think SHA2 certs have been implemented on the ASA as local CA yet.
Have you tried the workaround provided by the user in this thread:
02-28-2019 07:06 AM
Unfortunately, the enhancement bug for SHA2 local CA certs has not yet been fixed:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux74639