Question

Cisco AnyConnect Certificates

  • June 14, 2017
  • 6 replies
  • 19 views


We currently deploy Cisco AnyConnect with a user certificate stored in the login keychain. Because the login keychain is often recreated by our admin users as part of password troubleshooting, we are looking at authenticating against a device certificate in the System keychain instead. Does anyone have experience doing this? Thanks.

6 replies

  • Valued Contributor
  • June 14, 2017

Check out https://www.jamf.com/jamf-nation/discussions/10042/cisco-anyconnect-3-1-04072-10-9-and-admin-credentials

We ended up putting the certs outside the keychain, and using a custom xml to point to them. Works well.


  • Author
  • Valued Contributor
  • June 15, 2017

@tep thanks for the response. Because of the way our certificates expire/renew, we need to deploy them via Configuration Profile, so I'm looking to see if there is a way to do that via the System keychain specifically.

I take it that you don't deploy your certificates via Configuration Profile if you are putting them outside of the keychain?


  • Valued Contributor
  • June 15, 2017

@mapurcel For this specific use, I package up the .pem and .key certs and place them in /opt/.cisco/certificates/client/ and /opt/.cisco/certificates/client/private, respectively.
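
An added example, not tep's own packaging script: a POSIX shell function that stages a client certificate and key into the two paths named above, keeps the private key readable only by root, and refuses to install a certificate whose public key does not match the private key (the usual failure after a renewal). The directory layout comes from the reply above; the function names and the optional base-directory argument are assumptions for testing.

```shell
#!/bin/sh
# Example only: stage an AnyConnect client cert/key outside the keychain.
# Layout taken from the reply above; names and BASE override are assumed.

# anyconnect_pair_matches CERT.pem KEY.key
# Returns 0 when the public key inside the certificate equals the public key
# derived from the private key, so a renewed cert cannot ship with a stale key.
anyconnect_pair_matches() {
  cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
  key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# install_anyconnect_cert CERT.pem KEY.key [BASE]
# BASE defaults to the directory AnyConnect searches on macOS (per the reply);
# pass another directory when testing without root.
install_anyconnect_cert() {
  cert=$1; key=$2; base=${3:-/opt/.cisco/certificates}
  [ -r "$cert" ] && [ -r "$key" ] || { echo "cert or key not readable" >&2; return 1; }
  anyconnect_pair_matches "$cert" "$key" || { echo "cert/key mismatch, not installing" >&2; return 1; }
  cert_dst="$base/client/$(basename "$cert")"
  key_dst="$base/client/private/$(basename "$key")"
  # Create everything closed (umask 077) so the key is never briefly world-readable.
  ( umask 077 && mkdir -p "$base/client/private" && cp "$cert" "$cert_dst" && cp "$key" "$key_dst" ) || return 1
  # The certificate is public; the key and its directory stay private.
  chmod 755 "$base" "$base/client"
  chmod 700 "$base/client/private"
  chmod 644 "$cert_dst"
  chmod 600 "$key_dst"
  # Ownership can only be handed to root when running as root (a package postinstall does).
  [ "$(id -u)" -eq 0 ] && chown -R 0:0 "$base"
  return 0
}

# file_mode FILE -> symbolic mode string such as -rw------- (portable across macOS/Linux ls)
file_mode() { ls -l "$1" | cut -c1-10; }
```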


  • Valued Contributor
  • November 7, 2019

@tep I wrote you on Twitter, but I actually need help with this very thing if you're willing to explain it to me. I'm in a situation right now where I also would like to store the user cert the VPN wants outside of the keychain, and I'm also having issues with Cisco VPN prompting for admin to access the System keychain (non-admin users) when they try to connect.


  • Valued Contributor
  • November 7, 2019

@Stubakka I just replied to your Twitter msg. :-)


  • New Contributor
  • February 25, 2020

@Stubakka @tep Would either of you be willing to do a quick write up of the steps involved in this? Our Cisco admins are trying to implement user certs for AnyConnect and we're having a difficult time getting it off the ground for testing and deployment. How do we generate the certs to begin with? Thanks!