Cisco Support Community
New Member

AnyConnect client 2.4 and machine certificate

Hi All!

I'm trying to configure AnyConnect to use our domain-issued machine certificate for authentication together with a RADIUS OTP password.

My problem is that the AnyConnect client does not find my machine certificate.

I have configured an xml file with:

<CertificateStore>Machine</CertificateStore>

<AutomaticCertSelection UserControllable="false">false</AutomaticCertSelection>

The AnyConnect client starts and I see a popup with "Looking for credential tiles" and directly "No certficates found"; this is on Windows 7, and on Windows XP I also get a popup to choose a certificate, but it is empty.

I also see part of a message that I believe means "No certificates meet the application criteria" on the Windows 7 machine.

Please, if anyone else has tried this and has some suggestions, I really need this to work!

Thanks!

/Johan

6 REPLIES

Re: AnyConnect client 2.4 and machine certificate

1. Can you confirm if the machine cert is installed?

2. Can you confirm if the user has the right to access the machine cert?

If I remember correctly, "true" should let a regular user use the "machine cert".

New Member

Re: AnyConnect client 2.4 and machine certificate

Thanks for replying! :)

Yes, the machine cert is there and I'm local admin on the computer. I also tried the CertificateStoreOverride in the xml file but no luck.

There must be some kind of criteria that the AnyConnect client looks at but cannot find in my cert?

Is the config on the firewall involved in this first stage when the AnyConnect client looks for the certificate? Could it be a config error on the firewall?

Re: AnyConnect client 2.4 and machine certificate

If the PC does have the machine cert and the user does have the access right to it, could you please verify if your machine cert is valid?

Based on "get an popup to choose certificate but it is empty", I am thinking there is an issue with your machine cert.

On ASA side, do you have ID cert and CA cert installed?
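
One way to run the checks asked for in the replies above (is a machine cert installed, does it have a usable private key, is it valid), shown as an added example that is not from the original posters or from Cisco. It assumes the domain-issued certificate lives in the local machine "Personal" store (Cert:\LocalMachine\My) and is run from an elevated PowerShell prompt; which of these properties AnyConnect 2.4 filters on is not stated in the thread.

```powershell
# Added example: list every certificate in the local machine Personal store
# with the properties that usually decide whether a client can select it.
$now = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Enhanced Key Usage purposes; empty when the extension is absent
    $eku = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.FriendlyName })

    # Key Usage flags; empty when the extension is absent
    $ku = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] } |
        ForEach-Object { $_.KeyUsages }

    New-Object PSObject -Property @{
        Subject          = $cert.Subject
        Issuer           = $cert.Issuer
        Thumbprint       = $cert.Thumbprint
        NotBefore        = $cert.NotBefore
        NotAfter         = $cert.NotAfter
        # Current time falls inside the validity period
        InValidityPeriod = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        # A private key is associated with the certificate in this store
        HasPrivateKey    = $cert.HasPrivateKey
        # Basic chain build to a trusted root using the default Windows policy
        ChainValid       = $cert.Verify()
        EnhancedKeyUsage = ($eku -join ', ')
        KeyUsage         = "$ku"
    }
} | Select-Object Subject, Issuer, Thumbprint, NotBefore, NotAfter,
                  InValidityPeriod, HasPrivateKey, ChainValid,
                  EnhancedKeyUsage, KeyUsage |
    Format-List
```

An empty result means nothing is installed in that store; a row with HasPrivateKey, InValidityPeriod or ChainValid set to False points at the certificate rather than at the client profile.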

New Member

Re: AnyConnect client 2.4 and machine certificate

Yes, ID cert and CA cert are installed, it works.

The machine cert worked when I tried the Cisco IPSEC VPN client, it finds it and I can connect and authenticate, but not with the AnyConnect.

Thanks!

/Johan

Re: AnyConnect client 2.4 and machine certificate

Can you try to disable "User Account Control" and try it again?

If it still does not work, please open a case with TAC.

New Member

Re: AnyConnect client 2.4 and machine certificate

UAC disabled, same error, TAC case opened, thanks for your help!

/Johan
