Hi,
I have installed Cisco AnyConnect Secure Mobility Client 4.2.01022 (plus all required packages). Then I added the `.pfx` certificates to the `gnone2-key` storage. Then I launched the Cisco AnyConnect Secure Mobility Client and typed where to connect, but Cisco keeps telling me `Certificate validation failure`. Tried this.

Cisco AnyConnect client Certificate Validation Failure

Hi there, I am planning to move users in my organisation from a Cisco IPsec VPN to the newer Cisco AnyConnect SSL VPN client.
I am getting a certificate validation error when connecting with AnyConnect.
Below is the information.
I have a root CA and a sub CA (Microsoft internal), so I added both certificates under Device Management -> CA Certificates (two different trust points).
ROOT-CA
sh crypto ca certificates
CA Certificate
Status: Available
Certificate Serial Number: 29axxxxxxxxxxxxxxxxx
Certificate Usage: Signature
Public Key Type: RSA (2048 bits)
Signature Algorithm: SHA1 with RSA Encryption
Issuer Name:
cn=RootCa
dc=testdom
dc=local
Subject Name:
cn=RootCa
dc=testdom
dc=local
Validity Date:
start date: 15:35:11 UTC Dec 24 2008
end date: 15:29:35 UTC Jan 15 2019
Associated Trustpoints: ASDM_TrustPoint3------------------------------ROOT-CA
IDENTITY CERTIFICATE
Certificate
Status: Available
Certificate Serial Number: 1bxxxxxxxxxxxxxxxxx
Certificate Usage: General Purpose
Public Key Type: RSA (2048 bits)
Signature Algorithm: SHA512 with RSA Encryption
Issuer Name:
cn=testdom-INTCA
dc=testdom
dc=local
Subject Name:
cn=testdom-Internet-FW
CRL Distribution Points:
[1] ldap:///CN=testdom-INTCA,CN=CERSRV,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=testdom,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint
[2] http://CERSRV.testdom.local/CertEnroll/testdom-INTCA.crl
Validity Date:
start date: 11:33:48 UTC Apr 18 2017
end date: 15:29:35 UTC Jan 15 2019
Associated Trustpoints: ASDM_TrustPoint2------identity certificate
SUBORDINATE CA
CA Certificate
Status: Available
Certificate Serial Number: 1bxxxxxxxxxxxxxxxxx
Certificate Usage: Signature
Public Key Type: RSA (2048 bits)
Signature Algorithm: SHA1 with RSA Encryption
Issuer Name:
cn=RootCa
dc=testdom
dc=local
Subject Name:
cn=testdom-INTCA
dc=testdom
dc=local
CRL Distribution Points:
[1] ldap:///CN=RootCa,CN=AD02,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=testdom,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint
Validity Date:
start date: 16:04:06 UTC Jan 30 2017
end date: 15:29:35 UTC Jan 15 2019
Associated Trustpoints: ASDM_TrustPoint1-------------------SUBORDINATE CA
The identity certificate's EKU is set to Server Authentication (1.3.6.1.5.5.7.3.1),
and the user certificate's EKU is set to Client Authentication.
show crypto ca trustpoints
Trustpoint _SmartCallHome_ServerCA:
Not authenticated.
Trustpoint ASDM_TrustPoint0:
Not authenticated.
Trustpoint ASDM_TrustPoint1:
Subject Name:
cn=testdom-INTCA
dc=testdom
dc=local
Serial Number: 15xxxxxxxxxxxxxxxxxxx
Certificate configured.
Trustpoint ASDM_TrustPoint2:
Not authenticated.
(Q. Why is it not authenticated?)
Trustpoint ASDM_TrustPoint3:
Subject Name:
cn=RootCa
dc=testdom
dc=local
Serial Number: 29xxxxxxxxxxxxxxxx
Certificate configured.
tunnel-group test webvpn-attributes
authentication aaa certificate
I have a split domain: testdom.local and testdom.com,
so the user principal name is user1@testdom.com (not user1@testdom.local).
The certificate CN is user1@testdom.com.
Thanks
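An added check that is not part of the original post: it rebuilds a throwaway three-tier chain shaped like the one above (RootCa -> testdom-INTCA -> testdom-Internet-FW) with openssl and runs the two validations the ASA and AnyConnect effectively perform, chain building with the sub-CA present versus absent, and the Server Authentication EKU on the identity certificate. All keys, names and the temporary directory are constructed here; it assumes an `openssl` binary (1.1.1 or newer) on the PATH.

```shell
#!/bin/sh
# Constructed test PKI mirroring the post's chain; nothing here touches a real ASA.
set -e
W=$(mktemp -d)

# Extension profiles: CA certificates vs. the firewall's identity certificate.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$W/ca.ext"
printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' > "$W/fw.ext"

mk_key() { openssl genrsa -out "$1" 2048 2>/dev/null; }

build_test_pki() {
  # Root CA (self-signed), as "RootCa" in the post.
  mk_key "$W/root.key"
  openssl req -new -key "$W/root.key" -subj "/CN=RootCa" -out "$W/root.csr" 2>/dev/null
  openssl x509 -req -in "$W/root.csr" -signkey "$W/root.key" -days 30 \
    -extfile "$W/ca.ext" -out "$W/root.pem" 2>/dev/null
  # Subordinate CA signed by the root, as "testdom-INTCA".
  mk_key "$W/sub.key"
  openssl req -new -key "$W/sub.key" -subj "/CN=testdom-INTCA" -out "$W/sub.csr" 2>/dev/null
  openssl x509 -req -in "$W/sub.csr" -CA "$W/root.pem" -CAkey "$W/root.key" \
    -CAcreateserial -days 30 -extfile "$W/ca.ext" -out "$W/sub.pem" 2>/dev/null
  # Identity certificate signed by the sub-CA, as "testdom-Internet-FW".
  mk_key "$W/fw.key"
  openssl req -new -key "$W/fw.key" -subj "/CN=testdom-Internet-FW" -out "$W/fw.csr" 2>/dev/null
  openssl x509 -req -in "$W/fw.csr" -CA "$W/sub.pem" -CAkey "$W/sub.key" \
    -CAcreateserial -days 30 -extfile "$W/fw.ext" -out "$W/fw.pem" 2>/dev/null
}

# Returns 0 when the identity cert chains to the trusted root with the
# intermediate supplied; this is what a healthy trustpoint setup looks like.
verify_identity_chain() {
  openssl verify -CAfile "$W/root.pem" -untrusted "$W/sub.pem" "$W/fw.pem" >/dev/null 2>&1
}

# Same check with the sub-CA left out: the chain cannot be built, which is
# one of the ways a client ends up reporting "Certificate validation failure".
verify_without_subca() {
  openssl verify -CAfile "$W/root.pem" "$W/fw.pem" >/dev/null 2>&1
}

# Returns 0 when the identity cert carries EKU 1.3.6.1.5.5.7.3.1 (serverAuth).
identity_has_server_auth_eku() {
  openssl x509 -in "$W/fw.pem" -noout -text | grep -q 'TLS Web Server Authentication'
}

build_test_pki
```

Run the three functions after `build_test_pki`; the middle one is expected to fail, which is the point of comparison.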