Cisco Support Community
Anyconnect - Your Certificate is invalid for the selected group - Cisco ASA 5510

Good morning,

So I have been struggling with this one for a little while now. I am hoping someone on these boards could possibly point out what I am missing here.

I have a Cisco ASA 5510 and am looking to deploy AnyConnect. I had everything working with a self-signed cert, but once I moved to a signed SSL cert (GoDaddy), things seemed to stop working.

The cert itself works fine, but I keep getting this error in the AnyConnect client: "Your certificate is invalid for the selected group". It seems to me that my SSL group doesn't have permissions to authenticate? I am unsure.

My users are using AAA, which is pointing to my AD. The AD is working fine (I can SSH into the FW using AD authent).

I also seem to not be able to figure out which debug command would show me perhaps the 'point of failure' in the AnyConnect SSL client connection. Which would be the best command to use in this case?

I went through so many forums, and I just seem to be missing something. Can anyone point me in a direction that I need to go? If there is anything else someone requires, please do not hesitate to let me know.


