Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5768
Views
5
Helpful
2
Replies

Anyconnect with Certificate Authentication -> "No valid certificate available..."

Patrick Werner
Level 1
Level 1

‎04-08-2014 07:22 AM - edited ‎02-21-2020 07:35 PM

Hi Community.

I did everthing like shown in the following "How to"

http://www.runtrocks.com/cisco-anyconnect-ssl-vpn-certificate-based-authentication-part-1/

I install the CA from an external CA Authority called "Swisssign", installed that CA in my ASA to the CA Certificates. Then i create a certificate request, and send that to the CA Auhtority called "Swisssign". After a day i get back a Certificate and installed that onto the ASA.

 

Everyting is working fine. But which certificate do i have to install on my machines? Windows 7, IPhone, IPAD,....

 

On almost every "How to" they talk about MIcrosoft PKI and Active Directory Certificate Services, but do i really need Active Directory Certificate Services to get that work ?

 

Thanks and best regards patrick

 

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-08-2014 08:12 AM

Certificates can be used in several ways. The bit you did gives the ASA itself a certificate so that a client connecting to it for SSL VPN service will not get an "untrusted certificate" error message.

If you want your clients to use a certificate for authentication (vs. a userid and password or other method) they will need to be issued individual certificates from a CA that the ASA trusts. That's where people often use an internal CA - often running on Microsoft's platform.

Client certificates are only one of several available types of authentication. They are by no means mandatory but if you do choose to use them, they need to be issued from a trusted root CA.

s.mejiagarcia1
Level 1
Level 1
In response to Marvin Rhoads

‎01-15-2016 03:48 PM

Hi marvin,

Can you help me im trying to connect a User trought certificate in annyconect. the problem is that i have my CA in windows and all is perfect because when i connect the anyconnect client to the vpn the client request for a certificate and the CA issue a new certificate but then there is a message like this : Certificate enrollment succeeded, disconnecting. and when i try to connect again the anyconnect say that is not a valid certificate. so then i need to entry again my username and my password to request a new certificate. but if i do that again i can stay requesting and infinity certificates. and never connect to the vpn.

Preview file
131 KB
Preview file
120 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents