I want to disable automatic certificate selection in AnyConnect 3.0 in order to connect from a single host (laptop) to two different groups in ASA. These are the steps that I have followed.
1. Create two groups in ASA
2. Create maps for certificates in "Certificate to AnyConnect and Clientless SSL VPN Connection Profile Maps"
3. Connect successfully to two groups, but the problem is that when I have both certificates installed on the laptop I can't select the group I want to log in to.
4. Create the following xml from VPN Local Policy Editor
<?xml version="1.0" encoding="UTF-8"?>
I uploaded it to the ASA and added it to both groups.
Then I connect again, and in the preferences I can see that the automatic certificate selection is unchecked.
But when I disconnect and try to connect again, this option disappears and I cannot select the group I want to connect to.
So I think that this option is not saved locally somewhere on the laptop.
Can anyone help me?
Is something wrong in the configuration?
That option is in the XML profile, which you know should be in the profiles folder of the AnyConnect client. Once in there, if you have more than one certificate in the user store the AC client will ask you to choose.
Is this what you have?
What do you mean by "should be in the profiles folder of the AnyConnect client"? Is this a folder on the laptop, like "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client", or somewhere in ASA?
I am still quite confused about where to save the XML file in order to disable automatic certificate selection for the AnyConnect client on the laptop. I have searched the Cisco site but it is not clear what to do. Can anyone describe the procedure to me step by step? I think that I am missing something quite simple.
The file is in here:
<>\%ALLUSERSPROFILE%\Application Data\Cisco\Cisco AnyConnect VPN Client\Profile>
Please keep me posted.
Hi, I already have the file there but it is still not working. Its file name is 1.xml.
This is the XML file.
Could you please check it?
Here is all the path
C:\Documents and Settings\All Users\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
and there is also a file "AnyConnectProfile.xsd".
Can anyone give me the correct path in Win7 & WinXP, because I still haven't found any solution.
Did you get any solution? Because I am facing exactly the same problem.
1- On the website I am able to get the certification selection dialog box.
2- But on the AnyConnect software it does not prompt; it automatically selects certificates.
I have done most of the things advised on the Cisco forum but can't find any solution. Please share if you found any solution.
It should work without any issues as long as the AnyConnect client has rights to access the certificate store.
Are you running the latest 3.1.x AnyConnect client or still on 3.0.x?
Are you testing with an admin account?
Thanks for your time.
I have admin rights on Windows and AnyConnect can access the certificate store. I am using AnyConnect client 3.1.
I tried so much but couldn't do it on the client, but on the web I am getting certificate selection manually. However, the AnyConnect client is able to access the certificate store: I can see in the debug on ASA 4.8 that there are 4 certificates available in the certificate store, and AnyConnect tries all and matches the one which is valid. So this means that it can access the certificate store.
If you need any specific debugs I can provide those too.
Thanks for replying to my issue.
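
For readers checking their own files against what the thread describes, here is an added example (not code from any poster or from Cisco) that parses an XML file from the client's Profile folder and reports the automatic certificate selection setting. It assumes the element name `AutomaticCertSelection`, its `UserControllable` attribute and the root element names used in AnyConnect XML files, none of which appear in the thread; both sample documents are constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample client profile; the poster's 1.xml is not shown in the thread.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <AutomaticCertSelection UserControllable="true">false</AutomaticCertSelection>
  </ClientInitialization>
</AnyConnectProfile>
"""

# Constructed sample of another AnyConnect XML type (a local policy file),
# which has a different root element and is not a client profile.
SAMPLE_LOCAL_POLICY = b"""<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectLocalPolicy xmlns="http://schemas.xmlsoap.org/encoding/">
  <FipsMode>false</FipsMode>
</AnyConnectLocalPolicy>
"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def check_profile(xml_bytes):
    """Return (root_name, auto_select, user_controllable, verdict)."""
    root = ET.fromstring(xml_bytes)
    name = _local(root.tag)
    if name != "AnyConnectProfile":
        return name, None, None, "not a client profile"
    for el in root.iter():
        if _local(el.tag) == "AutomaticCertSelection":
            auto = (el.text or "").strip().lower() == "true"
            ctl = el.get("UserControllable", "false").lower() == "true"
            verdict = ("automatic selection enabled" if auto
                       else "automatic selection disabled")
            return name, auto, ctl, verdict
    return name, None, None, "setting absent, client default applies"


if __name__ == "__main__":
    # Usage: python check_profile.py <profile.xml> [...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, check_profile(fh.read()))
```

Run it against every XML file in the Profile folder; a file reported as "not a client profile" cannot carry this setting, whatever its file name.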