It seems that in that thread, the original poster managed to get his setup working. Did his explanation help you as well, or do you still need help? If so, could you please summarize your current situation?
So I found the solution: to use a user certificate instead of a client certificate, as described by the original poster. MS IE looks only in the user certificate store, but this is not confirmed, so if this affirmation is correct, why does Cisco let us choose between user and machine certificates?
Everything works well now for me using a user certificate, except SBL. I think SBL doesn't work with a user certificate because the user hasn't authenticated yet and AnyConnect doesn't know which user certificate it has to check/see. For this reason it would also be great to use a machine certificate.
If you have some advice about this, that would be great.
I'm not sure I understand your first point/question. IE only uses user certificates; AnyConnect allows you the choice between user or machine certs.
As for SBL, there you indeed need a certificate in the machine store because the user is not logged in yet and so he cannot access the user store.
Most customers using this kind will use the pre-deployed AnyConnect client instead of weblaunch; since you need to install the GINA package anyway, you might just as well install the client? So in that case you don't need IE to launch AnyConnect, and there is no user vs. machine store issue.
I was asking why Cisco doesn't put a remark in their doc about MS IE. I mean, if a web browser can only look at user certificates, they have to put somewhere in the doc that we have to use only user certificates in case we want to authenticate the user during the web launching process.
About the pre-deployment you are absolutely right, but we have a lot of users outside of the company who we would like to use the web interface to install the client on their laptops. This is why, if I choose machine certificates for all our staff, those remote staff cannot authenticate by the web interface, and the solution is to create another profile for them with a user certificate.
For SBL, I haven't checked yet if it works with a machine certificate. I will put an additional comment here to confirm whether it works or not.
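A quick way to see which store actually holds a usable client certificate before testing weblaunch or SBL. This is an added example, not code from the thread or from Cisco; it assumes Windows PowerShell 3.0 or later and that the certificate was enrolled into the Personal ("My") store, and `Get-ClientAuthCert` is a hypothetical helper name.

```powershell
# Added example (not from the thread): where is a usable client certificate?
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth EKU

# Hypothetical helper: report certificates in one store usable for client auth.
function Get-ClientAuthCert {
    param([Parameter(Mandatory)][string]$StorePath)

    Get-ChildItem -Path $StorePath | ForEach-Object {
        # Collect EKU OIDs; Where-Object drops the $null a missing list would pipe in.
        $ekuOids = @($_.EnhancedKeyUsageList | Where-Object { $_ } |
                     ForEach-Object { $_.ObjectId })
        # No EKU extension means the certificate is not restricted to a purpose.
        if ($ekuOids.Count -eq 0 -or $ekuOids -contains $clientAuthOid) {
            [pscustomobject]@{
                Store         = $StorePath
                Subject       = $_.Subject
                Issuer        = $_.Issuer
                NotAfter      = $_.NotAfter
                Expired       = $_.NotAfter -lt (Get-Date)
                HasPrivateKey = $_.HasPrivateKey
                Thumbprint    = $_.Thumbprint
            }
        }
    }
}

# Assumption: certificates live in the Personal ("My") store of each location.
$machine = @(Get-ClientAuthCert -StorePath 'Cert:\LocalMachine\My')
$user    = @(Get-ClientAuthCert -StorePath 'Cert:\CurrentUser\My')
$machine + $user | Format-Table Store, Subject, NotAfter, Expired, HasPrivateKey -AutoSize

# A certificate is only usable if it is unexpired and has its private key.
$usableMachine = @($machine | Where-Object { $_.HasPrivateKey -and -not $_.Expired })
$usableUser    = @($user    | Where-Object { $_.HasPrivateKey -and -not $_.Expired })

if ($usableMachine.Count -eq 0) {
    Write-Warning 'Machine store: no valid client-auth certificate with a private key (needed before logon, per the thread).'
}
if ($usableUser.Count -eq 0) {
    Write-Warning 'User store: no valid client-auth certificate with a private key (the store IE uses, per the thread).'
}
```

Run it as the affected user: the `CurrentUser` results depend on who is logged in, which is the same reason the user store is unavailable before logon.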