Anyconnect - Your Certificate is invalid for the selected group - Cisco ASA 5510

Unanswered Question
Feb 1st, 2013
User Badges:

Good morning,

So I have been struggling with this one for a little while now. I am hoping someone on these board could possibly point out what I am missing here.

I have a Cisco ASA 5510 and am looking to deploy Anyconnect. I had everything working with a self-signed cert, but once I moved to a signed SSL cert (godaddy), things seemed to stop working.

The cert itself works fine, but I keep getting this error in the Anyconnect client: "Your certificate is invalide for the selected group". It seemeds to me that the my SSL group doesnt have permissions to authenticate? I am unsure.

My users are using AAA, which is pointing to my AD. The AD is working fine (I can SSH into the FW using AD authent).

I also seem to not be able to figure out which debug command would show me perhaps the 'point of failure' in the anyconnect ssl client connection. Which would be the best command to use in this case?

I went through so many forums, and I just seem to be missing something. Can anyone point me in a direction that I need to go? If there is anything else someone requires, please do not hesitate to let me know.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion

Related Content