
How to push ISE portal certificate (posture) to AnyConnect clients?

Larry Sullivan
Level 3

Hi,

The AnyConnect client isn't trusting the ISE certificate for posturing upon connection because it is a self-signed certificate.

I have tried certificate pinning in the VPN editor, but that made it so I get an error upon connection saying it can't connect at all due to a pinning issue/error.

I tried manually loading the ISE certificate in my trusted store but it was in PEM format and apparently that is not one of the accepted formats.

What is the best and most user-friendly way to get AnyConnect clients to trust the certificate? Is there a way to get the FTD to tell the client to trust the certificate via the VPN profile or to force the client to install it without user interaction?

2 Replies

@Larry Sullivan the easiest way would be to use a publicly signed certificate on ISE, which most devices will automatically trust as the root cert is already in the certificate store.

Yeah wanted to avoid that option, but if worst comes to worst may have to go that route.