AnyConnect 3.1 - removing Security Warning: Untrusted VPN Server Certificate!

Unanswered Question
Nov 28th, 2012
User Badges:

Hi guys,


Is there a way to disable the warning generated from using self signed certs?

I would like to make the process as seamless as possible.



AnyConnect 3.1

ASA 8.4(2)


Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jouni Forss Fri, 11/30/2012 - 00:35
User Badges:
  • Super Bronze, 10000 points or more

Hi,


We had problem with the above error message with our certificate when we moved to AnyConnect 3.1


We were instructed to request a new one


Also here is the link to Cisco site we were provided that explains the changes in 3.1


IPSec and SSL connections require server  certificates to contain Key Usage attributes of Digital Signature and  Key Encipherment, as well as an Enhanced Key Usage attribute of Server  Authentication or IKE Intermediate. Note that IPSec server certificates  not containing a Key Usage are considered invalid for all Key Usages,  and similarly an IPSec server certificate not containing an Enhanced Key  Usage is considered invalid for all Enhanced Key Usages. 


Link to document


http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html#wp1049936


Sadly I dont dable with certificates myself so I'm not really familiar with this.


- Jouni

Actions

This Discussion

Related Content