cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

1305
Views
0
Helpful
4
Replies

Anyconect 4.6 Untrusted Server Certificate

Hi, I configured and installed the Cisco Anconnect 4.6, but allways when we initiate the VPN I receive a Windows with mesage Untrusted Server Certificate.

 

How can I install this certificate on Windows Machine for don´t show this mesage again?

 

Thanks,

DP

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Anyconect 4.6 Untrusted Server Certificate

Hi Guys, sorry for my delay.

 

The customer bought a certificate with FQDN *.domain.com.br, I installed on ASA and the Anyconnect don´t show-me anymore the certificate Untrusted Server.

View solution in original post

4 REPLIES 4
VIP Advisor

Re: Anyconect 4.6 Untrusted Server Certificate

Hi

You're receiving this message because the certificate on asa is a self signed certificate not trusted by any public ca you've in your machine.
The only way to get rid of this message is to install a public certificate for your ssl vpn. You can buy any public certificate using your domain name or you can use letsencrypt to get free public certificates for your domain name. You'll need to see on their website or certbot website. They will show you how to configure a Linux machine to automatically download and renew this public cert valid for 90 days. You'll need to a script to change it on asa if you want it automatic otherwise you'll need to renew it manually every 90 days.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
VIP Advocate

Re: Anyconect 4.6 Untrusted Server Certificate

Not sure, but can't he use the Cisco AnyConnect Profile Editor and pack the certificate into the package and deploy that on the endpoints?
Not sure if it needs a software delivery system separate from the ASA for deployment or if you can pack it onto the ASA though.
VIP Advisor

Re: Anyconect 4.6 Untrusted Server Certificate

The certificate error you're getting is from the host unable to validate this certificate. If it's an internal certificate from internal PKI you'll need to add your internal root and subca into your trusted certs. However, if it's a self signed, you have no way to validate this cert as it's a self signed which means no authority signed it and then no authority cert to insert in your trusted cert folder

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Re: Anyconect 4.6 Untrusted Server Certificate

Hi Guys, sorry for my delay.

 

The customer bought a certificate with FQDN *.domain.com.br, I installed on ASA and the Anyconnect don´t show-me anymore the certificate Untrusted Server.

View solution in original post

CreatePlease to create content
Content for Community-Ad

August's Community Spotlight Awards