I am attempting to preform AAA and certificate authentication for a specific profile for AnyConnect clients hitting my ASA5550. I am running 8.2 and have everything working except when I turn on the certificate matching. I am wondering if certificate matching is restricted to certs in the "personal" store on Windows machines of if it can be against a Domain cert in the Trusted Root store.
Also, what debugging can I do to see what exactly is failing when I attempt this configuration?
I have set the match criteris via the xml group policy which is attached (detail removed).