There's a mobile version of our website.
I have a problem that is driving me nuts.
Here is the pertinent information first...
Cisco AnyConnect SecureMobility Client 3.0.4235
Cisco ASA 5510 firewall 8.2
The problem is..
...When I log in, the client does its start-up bit, and then displays a "This certificate is intended for the following purpose(s):" message. If I decline the certificate, it gives me the error message shown in the image, but I can otherwise continue and establish my VPNs with no problem.
Unfortunately, the certificate it selects has nothing to do with my organization ( in fact, the certificate is for "*.whitepages.com" - see images). To make matters worse, I can not find this referenced certificate anywhere under my user context in Windows.
I have tried removing, rebooting, and re-installing - it does no good.
How do I force the client to stop using this incorrect certificate, and to at least use one that belongs to my organization?
I have the same issue, al;most exactly - the only difference is that I am using version 2.5.3055 of the AnyConnect client.
When I try to connect to my VPN, I get the same *.whitepages.com certificate coming up, and whether I accept, decline or cancel, I am unable to connect. I CAN connect if I access my VPN using the webvpn link.
Hopefully someone finds a solution for this, because i have a lot of users that connect to my VPN.
The issue does not seem to be with the user certificate, it seems to be with the site certificate. When I open the AnyConnect client, I have it set to ask which certificate to use. I select my certificate, but it is after that point where the error occurs, as if my ASA is sending out the *.whitepages.com certificate.
I have not made any changes to my certificates since February, and this issue only began on May 4th.
After some more troubleshooting today, I tried a few more steops, and have been successful:
1) I removed my device certificate from the interfaces it was assigned to
2) I completely rebuilt my AnyConnect profile .xml file, and assigned it to the relevant group
3) I reenabled the device certificate on my interfaces.
Once thatw as done, my connections are working properly, and the issue with the *.whitepages.com certificate are gone.
I hope this hels someone else, because this drove me crazy for a few days.
Another update to this issue:
The *.whitepages certificate has come back. It still only happens when I try to connect to my gateway by FQDN. If I use IP address, I don't have this problem. I have not been able to find any other peson who is experiencing this issue, but it's strange that we would both be having the problem with the same certificate name.
I have almost the exact same issue. What I think happens is that the anyconnect client list the certificates that are in the user certificate store of the Windows 7 machine. Unfortunately it does display the already installed user certificate from the ASA. I got around this issue by adding Certificate Matching to my client Profile. I used the ISSUER-CN for matching. And now it works smoothly.
I've come across this issue also. I've put in values for Certificate Matching BUT it only applies AFTER the first login attempt. So the first login attempt, it will use the wrong cert, user logs out, then on the second login attempt it reads the newly downloaded connection profile, identifies the certificate matching value, and then denys the login unless the proper certificate is in place.
Login to share your discussion activity with your friends on Facebook. You can control what you share and turn off sharing anytime.
Your Facebook friends can now see that you have started this discussion
Your Facebook friends can now see that you have commented on this discussion
Your Facebook friends can now see that you have read this discussion