Cisco Support Community

New Member

Anyconnect VPN

I have enabled Cisco AnyConnect VPN on an ASA series firewall, and when I select local AAA authentication I can connect my AnyConnect client.

But when I select certificate-based authentication, I'm not able to connect the AnyConnect VPN client to the firewall, and an error message "certificate validation failure" is displayed. I think I may not have configured the ASA or my browser correctly. Can anybody help me and tell me the correct procedure for certificate-based authentication without having to give a username and password?


Cisco Employee

Re: Anyconnect VPN

Hi Sachitha,

I guess you would have implemented this feature already by now, but here are the details:

1. As a first thing, we need to install a certificate on the ASA (self-signed or third party). Here is the link providing all the details for this:

2. Next, we need to configure AnyConnect to use these certificates. Here is the config for this via ASDM:

3. Then we need to apply certificates on the client machines: one identity certificate and then the certificate chain (root and intermediate certificates). We need to make sure the ASA certificate and the identity certificate are signed by a CA in the certificate chain installed on both the ASA and the client.

If you are facing issues even after this, let me know.

Hope this helps,


Rudresh V
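
The chain requirement in step 3 can be checked offline with OpenSSL before any certificate is loaded onto the ASA or a client. This is an added example, not part of the original reply or of Cisco's tooling; the CA names, subjects and file names are constructed, and the lab PKI it builds is throwaway.

```bash
#!/usr/bin/env bash
# Added example: all names, subjects and file paths below are constructed.

# Return 0 if CERT chains to a CA in CA_BUNDLE (PEM), non-zero otherwise.
check_chain() {
    ca_bundle=$1; cert=$2
    openssl verify -CAfile "$ca_bundle" "$cert" >/dev/null 2>&1
}

# Create a throwaway root CA: writes $1.key and $1.pem with subject CN=$2.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Issue a leaf certificate $1.pem (CN=$2) signed by the CA in $3.pem/$3.key.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" \
        -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

# Build a constructed lab PKI and report which certificates chain to the CA
# that would be installed on both the ASA and the client.
demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir/lab-ca" "Lab Root CA"
    make_ca "$dir/other-ca" "Unrelated CA"
    issue_cert "$dir/asa" "vpn.example.test" "$dir/lab-ca"   # ASA certificate
    issue_cert "$dir/user" "user1" "$dir/lab-ca"             # client identity
    issue_cert "$dir/stray" "user2" "$dir/other-ca"          # wrong issuer
    for name in asa user stray; do
        if check_chain "$dir/lab-ca.pem" "$dir/$name.pem"; then
            echo "$name: chains to installed CA"
        else
            echo "$name: NOT signed by installed CA"
        fi
    done
    rm -rf "$dir"
}

demo
```

With real files, pass the concatenated root and intermediate certificates as the bundle and run `check_chain` once for the ASA certificate and once for each client identity certificate.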