AnyConnect client 2.4 and machine certificate

AgressoAB
Level 1

Hi All!

I'm trying to configure AnyConnect to use our domain issued machine certificate for authentication together with radius otp password.

My problem is that the AnyConnect client does not find my machine certificate.

I have configured an xml file with:

<CertificateStore>Machine</CertificateStore>

<AutomaticCertSelection UserControllable="false">false</AutomaticCertSelection>

The AnyConnect client starts and I see a popup with "Looking for credential tiles" and directly "No certificates found", this on a Windows 7, and on a Windows XP I also get a popup to choose a certificate but it is empty.

Also see part of a message that I do believe means "No certificates meet the application criteria" on the Windows 7 machine.

Please, anyone else that has tried this and have some suggestions, really need this to work!

Thanks!

/Johan

6 Replies

Yudong Wu
Level 7

1. Can you confirm if the machine cert is installed?

2. Can you confirm if the user has the right to access the machine cert?

If I remember correctly, "true" should let a regular user use the "machine cert".

Thanks for replying! :)

Yes, the machine cert is there and I'm local admin on the computer, also tried the CertificateStoreOverride in the xml file but no luck.

There must be some kind of criteria that the AnyConnect client looks at but cannot find in my cert?

Is the config on the firewall involved in this first stage when the AnyConnect client looks for the certificate, could it be a config error on the firewall?

If the PC does have the machine cert and the user does have the access right to it, could you please verify if your machine cert is valid?

Based on "get an popup to choose certificate but it is empty", I am thinking of an issue with your machine cert.

On ASA side, do you have ID cert and CA cert installed?

Yes, ID cert and CA cert installed, it works.

The machine cert worked when I tried the Cisco IPSEC VPN client, it finds it and I can connect and authenticate, but not with the AnyConnect.

Thanks!

/Johan

Can you try to disable "User Account Control" and try it again?

If it still does not work, please open a case with TAC.

UAC disabled, same error, TAC case opened, thanks for your help!

/Johan
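
The checks asked for in the replies above (machine cert installed, private key accessible to the logged-on user, cert valid), as an added PowerShell example that is not part of the original thread and not Cisco tooling. It only reports what Windows sees in the Local Machine Personal store; the thread does not say which properties AnyConnect 2.4 filters on, so the Enhanced Key Usage column is listed for inspection only.

```powershell
# Added example: report on every certificate in Local Machine\Personal (store name 'My').
# Run it as the same user that launches AnyConnect, so key access is tested for that account.
$x509  = 'System.Security.Cryptography.X509Certificates'
$store = New-Object "$x509.X509Store" -ArgumentList 'My', 'LocalMachine'
$store.Open('ReadOnly')
try {
    $now = Get-Date
    $report = foreach ($cert in $store.Certificates) {
        # "Installed" is not enough: the private key must exist and be readable by this account.
        $keyStatus = 'no private key'
        if ($cert.HasPrivateKey) {
            $keyStatus = 'present, not exposed via .PrivateKey'
            try   { if ($null -ne $cert.PrivateKey) { $keyStatus = 'readable' } }
            catch { $keyStatus = 'not readable: ' + $_.Exception.Message }
        }

        # Build the chain in machine context; revocation is skipped so the check runs offline.
        $chain = New-Object "$x509.X509Chain" -ArgumentList $true
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk     = $chain.Build($cert)
        $chainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

        # List the Enhanced Key Usage entries, if the extension is present at all.
        $ekuType = "$x509.X509EnhancedKeyUsageExtension" -as [type]
        $eku     = $cert.Extensions | Where-Object { $_ -is $ekuType }
        $ekuList = if ($eku) {
            ($eku.EnhancedKeyUsages | ForEach-Object { $_.FriendlyName }) -join ', '
        } else { '(extension absent)' }

        New-Object PSObject -Property @{
            Subject          = $cert.Subject
            Issuer           = $cert.Issuer
            NotBefore        = $cert.NotBefore
            NotAfter         = $cert.NotAfter
            InValidityPeriod = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
            PrivateKey       = $keyStatus
            ChainBuilds      = $chainOk
            ChainErrors      = $chainErrors
            EnhancedKeyUsage = $ekuList
        }
    }
    if (-not $report) { Write-Output 'Local Machine\Personal store contains no certificates.' }
    $report | Select-Object Subject, Issuer, NotBefore, NotAfter, InValidityPeriod,
        PrivateKey, ChainBuilds, ChainErrors, EnhancedKeyUsage | Format-List
}
finally {
    $store.Close()
}
```

A certificate that shows `PrivateKey : readable` in an elevated prompt but not in a normal one points at key permissions rather than at the certificate itself.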
