New Member

Cisco anyconnect 3.1 - Certificate Validation Failure.

When I try to start an SSL VPN connection to the ASA (8.4) with AnyConnect 3.1, Cisco AnyConnect receives a message saying "No Valid Certificates Available for Authentication".

Prior to the test:

     On the ASA, I have obtained a CA certificate and its identity certificate. (Both certificates were obtained from a Windows 2008 CA.)

          * The ASA identity certificate has EKU attribute = Server Authentication, Key Usage = Digital Signature, Key Encipherment.

     On the PC on which AnyConnect is installed, I have obtained a User Certificate (this User Certificate was also obtained from the same Windows 2008 CA).

          * Prior to obtaining the User Certificate from the Windows 2008 CA, the ASA acts as a SCEP proxy on behalf of the client PC.

          * The User Certificate has EKU attribute = Client Authentication.

As shown in the ASDM logs, it almost works.

     asdm log.png

After days of troubleshooting, I still could not find the cause of this problem. The error message as it appeared in AnyConnect:

     anyconnect3.1 error.PNG

Is there anyone who could help?

Keshara from Sri Lanka.

4 REPLIES
New Member

Just ran into this as well. We have CRL checking turned on. It turned out the CRL server was down. But that was the same message I got when the client wouldn't connect.

New Member

Re: Cisco anyconnect 3.1 - Certificate Validation Failure.

Have you solved it?

New Member

Re: Cisco anyconnect 3.1 - Certificate Validation Failure.

Hello,

I'm using AnyConnect with a machine certificate to authenticate: it works with a Windows PC (with the XML profile in C:\ProgramData\Cisco\Anyconnect\Profile) but not with Mac OS (with the same XML file in /opt/cisco/anyconnect/profile).

With Mac OS: a "Certificate validation failure" message pops up when trying to connect!

In AnyConnect messages: "No valid certificates available for authentication"

It seems like the certificate is not found on the Mac.

Do you know if there are differences in the XML file between a Mac and a Windows PC?

Thanks for your help,

New Member

Re: Cisco anyconnect 3.1 - Certificate Validation Failure.

Can you share the XML file?