Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MacOS The server certificate received or its chain does not comply with FIPS. A VPN connection will not be established.

What file do I need to edit to set

<FipsMode>false</FipsMode>
in MacOS X v10.9.2 for AnyConnect

anyconnect-macosx-i386-2.5.2014-k9.pkg

Thanks

Everyone's tags (2)
3 REPLIES
Silver

MacOS The server certificate received or its chain does not comp

You would need to change it in the Anyconnect Local Policy xml file (AnyConnectLocalPolicy.xml). The locations for different OS's are given here:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31/ac09localpolicy.html#wp1055371

Thanks

Rahul

New Member

MacOS The server certificate received or its chain does not comp

Thanks for the link Rahul.

I am running v3.1.04066

It appears the filename is actuallyAnyConnectLocalPolicy.xsd

However, I'm not sure how to edit this file to disable the FIPS security check. This is what is in the file now related to FIPSMode:

 

   

     

       

         

           

             

             

           

         

       

How would you change this file to disable FIPSMode?

Silver

MacOS The server certificate received or its chain does not comp

Hi,

This is the schema file for the local policy, not the local policy itself. Looks like the AnyconnectLocalPolicy.xml file is not created by default on installation on Mac and Linux. This should be fixed in the next major Anyconnect release. If you have a Windows machine, can you copy the AnyconnectLocalPolicy.xml from it and put the same in the /opt/cisco/anyconnect folder on the MAC?

565
Views
0
Helpful
3
Replies