Guys, I'm trying to configure my ASA5505 to authenticate AnyConnect VPN clients by using certificates. I have 'Certificates' set as my authentication method in my AnyConnect Connection Profile (see attached screenshot), but I keep getting "Certificate Validation Failure" whenever I try to connect. The certificate I want to use is a Computer certificate issued from my Enterprise Root CA (Windows Server 2008 running Active Directory Certificate Services). Certificate screenshot is attached. I've added the Root certificate on the ASA, and I've tried all manner of combinations using Certificate Matching in the AnyConnect Client Profile. Every attempt has failed, and I'm having no luck finding documentation on how to proceed. Any help would be greatly appreciated!
The problem you are describing, not able to authenticate via certificate through Microsoft Internet Explorer, is because of the fact that the certificate is in the Machine store. You would want to confirm with Microsoft, but it is my understanding that Microsoft Internet Explorer only uses the User Store; as such, the certificate is not available to be presented to the ASA through the web browser.