
AnyConnect 4.6 Untrusted Server Certificate

Douglas Pereira
Level 1

Hi, I configured and installed the Cisco AnyConnect 4.6, but whenever we initiate the VPN I always receive a window with the message Untrusted Server Certificate.

How can I install this certificate on a Windows machine so that this message is not shown again?

Thanks,

DP

1 Accepted Solution


Douglas Pereira
Level 1

Hi guys, sorry for my delay.

The customer bought a certificate with FQDN *.domain.com.br. I installed it on the ASA and AnyConnect doesn't show me the Untrusted Server Certificate message anymore.

4 Replies

Francesco Molino
VIP Alumni

Hi

You're receiving this message because the certificate on the ASA is a self-signed certificate, not trusted by any public CA you have on your machine.
The only way to get rid of this message is to install a public certificate for your SSL VPN. You can buy any public certificate using your domain name, or you can use Let's Encrypt to get free public certificates for your domain name. You'll need to look at their website or the certbot website. They will show you how to configure a Linux machine to automatically download and renew this public cert, valid for 90 days. You'll need a script to change it on the ASA if you want it automatic; otherwise you'll need to renew it manually every 90 days.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Not sure, but can't he use the Cisco AnyConnect Profile Editor and pack the certificate into the package and deploy that on the endpoints?
Not sure if it needs a software delivery system separate from the ASA for deployment or if you can pack it onto the ASA though.

The certificate error you're getting is from the host being unable to validate this certificate. If it's an internal certificate from an internal PKI, you'll need to add your internal root and sub CA into your trusted certs. However, if it's self-signed, you have no way to validate this cert, as it's self-signed, which means no authority signed it and so there is no authority cert to insert in your trusted cert folder.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
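
For the internal-PKI case described in the reply above, here is an added example (not part of the original thread and not Cisco tooling) that imports the internal root and sub CA into the Windows machine stores and then checks that the VPN server certificate chains to them. The three file paths are placeholders, and the script assumes an elevated PowerShell 5 or later session.

```powershell
# Added example; the file paths are placeholders (assumptions), not values from the thread.
$rootPath   = 'C:\certs\internal-root-ca.cer'   # internal root CA certificate
$subCaPath  = 'C:\certs\internal-sub-ca.cer'    # internal subordinate (issuing) CA certificate
$serverPath = 'C:\certs\vpn-server.cer'         # certificate the ASA presents to AnyConnect

function Get-CaInfo {
    param([Parameter(Mandatory)][string]$Path)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    # Basic Constraints says whether the certificate is allowed to act as a CA.
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        SelfSigned = ($cert.Subject -eq $cert.Issuer)   # name comparison only, not a signature check
        IsCA       = [bool]($bc -and $bc.CertificateAuthority)
        Expired    = ($cert.NotAfter -lt (Get-Date))
    }
}

$root  = Get-CaInfo -Path $rootPath
$subCa = Get-CaInfo -Path $subCaPath

# Only CA certificates belong in these stores; refuse anything else.
if (-not ($root.IsCA -and $root.SelfSigned) -or $root.Expired) {
    throw "Not a valid root CA certificate: $($root.Subject)"
}
if (-not $subCa.IsCA -or $subCa.SelfSigned -or $subCa.Expired) {
    throw "Not a valid subordinate CA certificate: $($subCa.Subject)"
}

# Show what is about to be trusted; the thumbprints should match the ones your PKI publishes.
$root, $subCa | Format-Table Subject, Thumbprint

Import-Certificate -FilePath $rootPath  -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Import-Certificate -FilePath $subCaPath -CertStoreLocation Cert:\LocalMachine\CA   | Out-Null

# Build the chain for the server certificate against the machine stores.
$server = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($serverPath)
$chain  = [System.Security.Cryptography.X509Certificates.X509Chain]::new($true)  # machine context
if ($chain.Build($server)) {
    "Chain OK: $($server.Subject) is trusted on this machine"
} else {
    $chain.ChainStatus | ForEach-Object { "Chain error: $($_.Status) - $($_.StatusInformation)" }
}
```

`Build` uses the default online revocation mode, so an unreachable internal CRL is reported as a chain error.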
