Anyconnect Certificate Selection Issue

CJFrickle
New Contributor

Hey Everyone,
So I'm a N00B, just getting used to all this stuff, looking for some advice on a Cisco AnyConnect certificate issue.

The Breakdown:
We have about 100 computers enrolled through Jamf that pull down a certificate through Enterprise Connect. Once that certificate is in the keychain, we can enter an address manually in AnyConnect and it will run through the posture assessment successfully and the user will be prompted for credentials.

This worked until our engineering department decided to change the certificate environment. The new certificate pulls down successfully and shows as trusted in the keychain, but AnyConnect does not seem to be seeing it. Every time a connection is attempted, we receive an error citing "no valid certificates." The connection works when using the address for our back door that does not require two-factor authentication. I have attempted installing AnyConnect manually from the original .dmg, and still I get the same problem.

In our PC environment, the issue was remedied by updating the default.xml file to point to the new certificate instead of the old one. However, when I navigate to /opt/cisco/anyconnect/profile, there is no default.xml file. Furthermore, looking through all of the file structure, I don't see any .xml files that are directing AnyConnect towards a particular certificate. I have tried recreating the package with the new default.xml file, and that doesn't work either, but, as I am a N00B, I'm hesitant to rule out the possibility that maybe I did this wrong.

Can anyone shed any light on how to direct AnyConnect towards a specific certificate? Or how AnyConnect works differently on a Mac that might be affecting this? I'm sure this is just something simple that I am missing.

1 REPLY

al_platt
Contributor II

Been a while since I did this, but you can create a default.xml manually and add it into the folders.

We used to grab the file with composer and push out the xml.

And I'm pretty sure I just grabbed the xml file from a Windows box to start with.
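The following is an added example for this thread, not code from either poster or from Cisco. It shows what the "pointing the profile at the new certificate" step looks like on a Mac: a constructed AnyConnect client profile whose CertificateMatch rule selects certificates by issuer CN, a portable function that lists the DN rules and VPN hosts in any profile in /opt/cisco/anyconnect/profile (the file does not have to be named default.xml; AnyConnect loads the .xml profiles in that directory), and a macOS-only check that compares those rules against the subject and issuer of every certificate in the login and System keychains. The issuer name "Example Corp Issuing CA 2", the host "vpn.example.com", and the profile element values are placeholders to replace with your own; the DN-to-keychain comparison is a coarse text match, not AnyConnect's exact matching logic.

```shell
#!/bin/sh
# Added example (not from the thread). Inspect AnyConnect client profiles on macOS and
# check whether the keychain holds a certificate that would satisfy their DN rules.

PROFILE_DIR="/opt/cisco/anyconnect/profile"

# Constructed sample profile. The CertificateMatch rule says "only offer certificates whose
# issuer CN equals this value"; the CA name and host address are placeholders (assumptions).
SAMPLE_PROFILE='<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <CertificateStoreOverride>false</CertificateStoreOverride>
    <CertificateMatch>
      <DistinguishedName>
        <DistinguishedNameDefinition Operator="Equal" Wildcard="Disabled">
          <Name>ISSUER-CN</Name>
          <Pattern>Example Corp Issuing CA 2</Pattern>
        </DistinguishedNameDefinition>
      </DistinguishedName>
    </CertificateMatch>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>Corp VPN</HostName>
      <HostAddress>vpn.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>'

# Read a profile on stdin; print each DN rule as NAME=PATTERN (e.g. ISSUER-CN=...).
# Splitting on '<' keeps this portable across GNU and BSD (macOS) tools.
profile_dn_patterns() {
    tr '<' '\n' | awk '
        /^Name>/    { name = substr($0, 6) }
        /^Pattern>/ { print name "=" substr($0, 9) }'
}

# Read a profile on stdin; print each VPN head-end address in its ServerList.
profile_host_addresses() {
    tr '<' '\n' | awk '/^HostAddress>/ { print substr($0, 13) }'
}

# macOS only: print the subject and issuer of every certificate in the keychains AnyConnect
# searches (login and System). Returns 1 where the `security` tool is absent.
keychain_cert_names() {
    command -v security >/dev/null 2>&1 || return 1
    security find-certificate -a -p \
        "$HOME/Library/Keychains/login.keychain-db" /Library/Keychains/System.keychain 2>/dev/null |
    while IFS= read -r line; do
        pem="$pem$line
"
        case "$line" in
            *END\ CERTIFICATE*) printf '%s' "$pem" | openssl x509 -noout -subject -issuer; pem="" ;;
        esac
    done
}

# Read a profile on stdin; report, per DN rule, whether some keychain certificate's subject or
# issuer text contains the pattern. Coarse check (substring match), meant to explain a
# "no valid certificates" error, not to reproduce AnyConnect's matching exactly.
check_profile_against_keychain() {
    names="$(keychain_cert_names)" || { echo "keychain check skipped (not macOS)"; return 0; }
    profile_dn_patterns | while IFS='=' read -r name pattern; do
        if printf '%s\n' "$names" | grep -qF -- "$pattern"; then
            echo "OK   $name='$pattern' is present in the keychain"
        else
            echo "MISS $name='$pattern' matches no certificate in the keychain"
        fi
    done
}

# Show the rules in the constructed profile, then every profile actually installed.
printf '%s\n' "$SAMPLE_PROFILE" | profile_dn_patterns
if [ -d "$PROFILE_DIR" ]; then
    for f in "$PROFILE_DIR"/*.xml; do
        [ -f "$f" ] || continue
        echo "== $f"
        profile_dn_patterns < "$f"
        profile_host_addresses < "$f"
        check_profile_against_keychain < "$f"
    done
fi
```

If every installed profile reports MISS for its rules, the profile is still describing the old certificate and needs a new DN (or key-usage) rule that the replacement certificate satisfies; if the directory has no .xml at all, AnyConnect falls back to its defaults, which is the point at which a manually created profile pushed by Jamf, as the reply suggests, comes in.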