Cisco Support Community
Community Member

AnyConnect on Mac using obsolete X509Anchors

After many hours of troubleshooting why our Mac OS machines complain about an untrusted server, while our Windows machines do not, it was determined that AnyConnect uses an obsolete method of validating certificates against the X509Anchors file. This is a problem since Apple states that "X509Anchors, is no longer used by Mac OS X as the system root certificate store" (from a warning issued whenever attempting to modify this file).

As more CAs are added to Mac OS machines, new root certificate authorities are not being added to X509Anchors. This is going to be more and more of an issue as time goes on and more root certificate authorities are created/updated. In our case, the "VeriSign Class 3 Public Primary Certification Authority G5" is trusted by the system, but is not in X509Anchors, so AnyConnect is continuing to give our associates an error.

Can AnyConnect please be updated to not use this obsolete method and to instead use the "new" security framework? This was introduced back in Mac OS X 10.3.

Thank you,
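
An added diagnostic for the mismatch described in the post above (not part of the original post, and not Cisco or Apple code): it lists roots that the system store has but X509Anchors lacks, by comparing SHA-1 fingerprints from `security find-certificate -a -Z`. The two keychain paths are assumed defaults, and when they are not readable the script runs on constructed sample data with placeholder hashes.

```shell
#!/bin/sh
# Added example: find roots trusted by the system store but absent from the
# legacy X509Anchors file. Paths below are assumed defaults; adjust as needed.
SYSTEM_ROOTS=/System/Library/Keychains/SystemRootCertificates.keychain
LEGACY_ANCHORS=/System/Library/Keychains/X509Anchors

# Reduce `security find-certificate -a -Z` output on stdin to "SHA1<TAB>label".
fingerprints() {
    awk '
        /^SHA-1 hash: / { hash = $3 }
        /"labl"<blob>=/ && hash != "" {
            label = $0
            sub(/^.*"labl"<blob>=/, "", label)
            gsub(/^"|"$/, "", label)
            print hash "\t" label
            hash = ""
        }' | sort -u
}

# Print entries of dump file $1 whose fingerprint does not occur in dump file $2.
missing_from_legacy() {
    known=$(mktemp) || return 1
    fingerprints < "$2" | cut -f1 > "$known"
    fingerprints < "$1" | awk -F '\t' -v known="$known" '
        BEGIN { while ((getline h < known) > 0) seen[h] = 1 }
        !($1 in seen)'
    rm -f "$known"
}

# Constructed sample record: hashes passed in are placeholders, not real fingerprints.
sample_entry() {
    printf 'SHA-1 hash: %s\nkeychain: "sample"\nattributes:\n    "labl"<blob>="%s"\n' "$1" "$2"
}

sys=$(mktemp); old=$(mktemp)
if command -v security >/dev/null 2>&1 && [ -r "$LEGACY_ANCHORS" ]; then
    # Live comparison on a Mac that still has the legacy file.
    security find-certificate -a -Z "$SYSTEM_ROOTS" > "$sys"
    security find-certificate -a -Z "$LEGACY_ANCHORS" > "$old"
else
    # Offline demo on constructed data.
    { sample_entry AAAA000000000000000000000000000000000001 "Example Root CA 1"
      sample_entry AAAA000000000000000000000000000000000002 "Example Root CA - G5"; } > "$sys"
    sample_entry AAAA000000000000000000000000000000000001 "Example Root CA 1" > "$old"
fi
missing_from_legacy "$sys" "$old"
rm -f "$sys" "$old"
```

Any root printed here is one the OS trusts but a client reading only X509Anchors would reject.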

