
Test

KevinYounil1
Level 1

Bogdan Nita
VIP Alumni

AnyConnect uses one certificate for authentication.

By default it is going to look in all the certificate stores, but you can set it up to look in the machine or user cert store.

You can also let the users select the certificate using the disable automatic cert selection option in the xml.

For more details on how the ASA searches for the certificate, have a look at the Configure Which Certificate Stores to Use section:

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/configure-vpn.html#ID-1428-00000555

 

I believe the identity certificate and the immediate intermediate CA certificate need to be in the same trustpoint.

You can control the certificate used for ssl vpn on the asa with: ssl trust-point Trustpoint OUTSIDE

 

HTH

Bogdan