AnyConnect 3.1.01065

Unanswered Question
Dec 10th, 2012

Hi Guys.

Just upgraded to newest version on anyconnect... asa running 8.4(4) 1

I only have this security warning :

Does anyone knows how to get rid of it ? , i have installed the cert on the client and have no warning when entering the https site for connecting / downloading the anyconnect client.

If i accept i will be logged on anyconnect and this will show up everytime connecting.

Please support.    

I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pkupisie Mon, 12/10/2012 - 06:47

Hi Filip,

You need in certificate that is used by HTTP Server (SSLVPN)  to have Extended Key Usage (EKU) value of 'Server Authentication' .

You can use for it Cisco CA on IOS for some time already.

Example PKI Server configuration:

crypto pki server CA
grant auto
hash sha1
eku server-auth client-auth


crypto pki trustpoint CA-self
enrollment url
subject-name cn=,ou=TAC
revocation-check none
eku request server-auth

I hope it helps. Cheers.

Filip Olsen Tue, 12/11/2012 - 00:15

Hi Piotr.

Yes i did read about this EKU change in cert , but im not able to use these commands in ASA IOS ?

Filip Olsen Wed, 12/12/2012 - 12:53

>You can use for it Cisco CA on IOS for some time already<

Which IOS version is that , im trying with 15.1.4 on a 2801... still not able to use EKU command.

pkupisie Sat, 12/15/2012 - 23:44


Please refer to the bug CSCtl97326 which was feature request for EKU in PKI Server:

Based on this information it is added in:









In case of 15.1.4 I cannot check it without a trendline (T/S/M).


This Discussion

Related Content