AnyConnect with Certificate and Start Before Login

Unanswered Question
Aug 5th, 2010
User Badges:

We are using AnyConnect 2.4.1012 with a public key user certificate.

If the user has logged into their machine, plugs in their key, and starts anyconnect, everything works fine.

If we try to use "Start Before Login" we get a "certificate is invalid for this group" error. 

SBL works fine if we use any other form of authentication (LDAP, SecurID, etc).

Any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Todd Pula Tue, 08/10/2010 - 09:25
User Badges:
  • Silver, 250 points or more

For certificate authentication to work with SBL, the client certificate will need to be available in the machine store so that the AnyConnect client can access it.  If the certificate is present in the machine store but AnyConnect does not have rights, you can try to update the AnyConnect XML profile to include the switch below.



This Discussion