![]() ![]() ![]() Please verify your certificate and make sure it has valid EKU (Extended Key usage) and KU (key usage). ![]() define an explicit cert matching policy in the client profile. Generate a new ID certificate with the correct Extended Key Usage.Ģ. Use an id certificate on the client that doesn't have an EKUġ. When using certificates with the anyconnect client if the client certificate doesn't have an EKU defined or very specific EKUs then the connection will be rejected. Generate a new ID certificate with the correct Extended Key UsageĭOC: specific Extended Key Usage rqrd in client certs for some 3.0 vers. Use an id certificate on the client that has an EKU other than "client-authentication". Use an id certificate on the ASA that has an EKU other than "server-authentication". Similarly the client's id certificate also needs to be "client-authentication" otherwise the ASA will reject it. When using certificates with the anyconnect client if the certificate installed on the ASA doesn't have the EKU attribute set to "server-authentication" then the anyconnect client will reject the ASA's certificate as invalid. Connect it to my VPN if it isn’t working. There should be an icon for Cisco on the bottom of the tray and an extension for An圜onnect on the top. To use Cisco An圜onnect Secure Mobility Client, double click it. DOC: Anyconnect supports specific Extended Key Usage attributes in certs Ensure the application is selected from the left-hand navigation menu and within Cisco’s folder.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |