
    openssl pkcs12 -in store.pfx -nocerts -out domain.pem -nodes
    openssl pkcs12 -in store.pfx -out domain.crt -nodes -nokeys -cacerts
    openssl pkcs12 -in store.pfx -nocerts -nodes -out domain.key

This way I have extracted some certificates in different formats:

    openssl pkcs12 -in store.pfx -clcerts -nokeys -out domain.cer

Tried this:

    sudo cp /etc/ssl/certs/Global* /opt/.cisco/certificates/ca

Then I launched Cisco AnyConnect secure mobile client and typed where to connect, but Cisco keeps telling me: Certificate validation failure

I have tried Google, but no solution has worked so far. I have installed Cisco AnyConnect secure mobile client 2 (+all required packages). Tests were done with AnyConnect 1 and 5 and ASA version 9.4(1) ASDM 7.4(1). cer from the CA and the identity certificate has only server authentication as its usage.

the username for the login is taken from the certificate). If I remove the trustpoint I get an error message saying that it can't verify the VPN server, which is to be expected since it uses the self-signed certificate, but if I connect anyway I get the certificate selection and the login works fine (i.e. I also created a DART bundle and in there I can see that the certificate is selected from the store "Microsoft User", but after that I get several errors regarding the SCHANNEL, then it tries another certificate authentication and finds no certificates followed by the error. If I set the logging messages to debugging I can see that the device selects the correct trustpoint, but it doesn't extract anything from the certificate. An error message with "Certificate Validation Failure" appears and the client says "No valid certificates available for authentication". The certificate selection pops up and I select my certificate. I click on connect on the AnyConnect client.

If I assign the trustpoint to the interface the following happens: We run our own CA that gives out the client certificates for our users as well as the identity certificate for the ASA.

I am currently facing a problem regarding AnyConnect authentication with AAA+certificate. Edit: Problem is solved, see my post in this discussion.
