Installing a certificate on an iPhone for VPN use

Unanswered Question
Mar 30th, 2011
User Badges:

As I chip away at the tasks I need to complete in order to get on demand VPN to work on an iPhone, I'm a bit puzzled as to how I can get the certificate installed on the iPhone.  I'm also not sure if I'm exporting the correct cert from the ASA.  I'm exporting the identity cert from the ASA but I'm not sure if it should be in PEM or PKCS12 format.  I've tried both.  I tried putting the cert file in a place that I could get to from Safari.  That doesn't work.  Tried in email too.  Am I on the wrong path completely?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
andamani Wed, 03/30/2011 - 18:02
User Badges:
  • Cisco Employee,

Hi Mike,

I understand that you are trying to configure SSL VPN connection with ASA. The following link gives you details of certificates on Iphones.

Hope this helps.



P.S.:please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

MikeM-2468 Thu, 03/31/2011 - 04:21
User Badges:

Thanks for the reply.  That's the document that I had been working from before.  There isn't enough detail in there.  I guess my real question focuses more on exporting the identity cert from the ASA but I'm not sure if it should be in PEM or PKCS12 format and neither of those seem to be able to be imported into the phone.  In testing, I'm not even able to import either of those into Windows.  When I export them, it asks that it be exported with a pasphrase.  When I import it in Windows, it asks for a password and the one I use at export doesn't work. Am I trying to use the wrong cert?

MikeM-2468 Fri, 04/01/2011 - 05:23
User Badges:

It seems that I should be installing a client or user cert from the CA.  I've done both but the option in AnyConnect to use certificates is still grayed out.

MikeM-2468 Fri, 04/01/2011 - 08:35
User Badges:

The solution was in exporting the user certificate from my PC's web browser as a .PFX.  Importing that into the iPhone (sent via email) worked to enable the Use Certificates option in the AnyConnect client.

scott.parr Tue, 02/23/2016 - 12:19
User Badges:

So there is no other solution past using the AnyConnect Client?

I have followed recommendations above - but the option is still greyed out.  When I look at the actual cert from a VPN Cert that works (From another system) it shows:  VPN Certificate & Certificate... the one I am generating from my CV325 simply states: Certificate.   Could this potentially be the issue?

iwearing Fri, 06/17/2011 - 04:30
User Badges:


I read your post with interest as I have a similar issue. I am using a Micrsoft Internal CA. I have generated a CSR for an Identity Cert for my ASA. I import the CA Root cert and signed Identity Cert onto the ASA.

Im not so sure If I can use the same Certificates on the IPhone or do I need to create an Individual Identity Certificate for each IPhone to be used.

Any comments would be appreciated.



MikeM-2468 Fri, 06/17/2011 - 05:04
User Badges:

I wouldn't recommend using the same cert for everyone.  I'm using individual certs for every user.  That way I can revoke one if I need to and it won't impact all users.  In my case, I tested the CRL backwards and forwards so I knew how it would work if I needed to revoke access.

iwearing Fri, 06/17/2011 - 06:22
User Badges:


Thanks for the update.

Did you have to install the CA Root Certificate and the Identity cert on the IPhone.



MikeM-2468 Fri, 06/17/2011 - 06:25
User Badges:

You don't have to install anything but the user cert on the iPhone.  You can install the CA just so future certs would be trusted, but it isn't required.


This Discussion

Related Content