I have installed cisco anyconnect secure mobile client 4.2.01022 (+all required packages).
Then added .pfx
certificates to gnone2-key
storage.
Then I launched cisco anyconnect secure mobile client typed where to connect - but cisco keep saying me that Certificate validation failure
Tried this:
sudo cp /etc/ssl/certs/Global* /opt/.cisco/certificates/ca
link was created but didn't help. How to connect?
UPD:
This way I have extracted some certificates in different formats:
openssl pkcs12 -in store.pfx -clcerts -nokeys -out domain.cer
openssl pkcs12 -in store.pfx -nocerts -nodes -out domain.key
openssl pkcs12 -in store.pfx -out domain.crt -nodes -nokeys -cacerts
openssl pkcs12 -in store.pfx -nocerts -out domain.pem -nodes
Got 4 files:
domain.cer
domain.key
domain.crt
domain.pem
Placed all 4 of them in 3 different places:
~/.cisco/certificates/ca ~
Trusted CA and root certificates
~/.cisco/certificates/client
Client certificates
~/.cisco/certificates/client/private
Private keys
Same error.
UPD2: Tried to configure cisco anyconnect compatible with openconnect (which integrated to linux network center): It asks to set:
CA certificate (it has to be domain.crt, so chosen it)
User certificate (that is it? - didnt choose)
Private key (I think its domain.key, so chosen it)
But if tries to connect:
Certificate from VPN server [host ip] failed verification.
Reason: certificate does not match hostname
Do you want to accept it?
Certificate from VPN server "194.176.96.4" failed verification.
Reason: certificate does not match hostname
Do you want to accept it?
With below info:
X.509 Certificate Information:
Version: 3
Serial Number (hex): ****
Issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=GeoTrust RSA CA 2018
Validity:
Not Before: **
Not After: **
Subject: C=RU,ST=[city],L=[city],O=[company name],OU=IT,CN=vpn.[companyname].ru
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
....
I accept - and same error Certificate validation failure, full log:
POST https://[host_name]/
Attempting to connect to server [host_name]:443
SSL negotiation with [host_name]
Server certificate verify failed: certificate does not match hostname
Connected to HTTPS on [host_name]
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Sun, 26 Aug 2018 08:43:32 GMT
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
HTTP body chunked (-2)
Server requested SSL client certificate; none was configured
POST https://[host_name]/
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Sun, 26 Aug 2018 08:43:32 GMT
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
HTTP body chunked (-2)
XML POST enabled
PS: On windows same steps worked, added cert by double clicking then launched cisco client, typed server, then he asked password to server I quess - and then I was connected.
system.log
and share it on any external file sharing server ? I can take a look. Also check this thread on how to get private key, pem file from pfx.