Cisco AnyConnect client Certificate Validation Failure
Hi there, I am planning to move users in my organisation from a Cisco IPsec VPN to the newer Cisco AnyConnect SSL VPN client.
Aug 30, 2018 Right-click the Cisco AnyConnect VPN Client log, and select Save Log File as AnyConnect.evt. Note: Always save it as the .evt file format. If the user cannot connect with the AnyConnect VPN Client, the issue might be related to an established Remote Desktop Protocol (RDP) session or Fast User Switching enabled on the client PC.
I have remote VPN set up on ASA 5505 9.0(1), device manager 7.0.(2).
Client authentication is set up on certificates only, smart card based.
Both the root CA and intermediate CA certificates have been installed on the ASA. The client cert, intermediate cert and root cert are all in the chain.
However, when dialing the VPN, the client gets an error in AnyConnect: Certificate Validation Failure.
ASDM validates the intermediate CA cert, but fails at validating the client cert:
PIC http://www.upload.ee/image/2886875/asdmlogfail.gif
Note where the error occurs: on a successful authentication, instead of the error there would be a record of the client certificate's credentials (when not authenticating with a smart card).
Looking at the ASA debugging, everything goes smoothly until a weird error pops up:
CRYPTO_PKI(make trustedCerts list)
CRYPTO_PKI: Found suitable tp
CRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.7.3.2
CRYPTO_PKI:check_key_usage:Key Usage check OK
CRYPTO_PKI: Certificate validation: Failed, status: 1823
CRYPTO_PKI: PKI Verify Certificate Check Cert Revocation unknown error 1823
CRYPTO_PKI: PKI Verify Certificate error. No trust point found.
CRYPTO_PKI: Storage context released by thread CERT API
CRYPTO_PKI: Certificate not validated
CRYPTO_PKI: Invalid cert.
Error 1823 doesn't take me anywhere on Google. CRL checking is disabled, all certs are valid. If you need to see a full log then I can give it.
Thanks!
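A triage helper for the CRYPTO_PKI debug output quoted in the post, as an added example that is not part of the original post or any Cisco tooling. It separates messages that the ASA printed without a newline between them and collects which checks passed and which failure messages appeared; the function names are hypothetical and it assigns no meaning to status 1823.

```python
import re

# Extended key usage OIDs from RFC 5280, for readable output.
EKU_NAMES = {"1.3.6.1.5.5.7.3.1": "serverAuth", "1.3.6.1.5.5.7.3.2": "clientAuth"}

# Debug output as pasted in the post; two lines each hold two fused messages.
SAMPLE = """\
CRYPTO_PKI(make trustedCerts list)
CRYPTO_PKI: Found suitable tpCRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.7.3.2
CRYPTO_PKI:check_key_usage:Key Usage check OK
CRYPTO_PKI: Certificate validation: Failed, status: 1823CRYPTO_PKI: PKI Verify Certificate Check Cert Revocation unknown error 1823
CRYPTO_PKI: PKI Verify Certificate error. No trust point found.
CRYPTO_PKI: Storage context released by thread CERT API
CRYPTO_PKI: Certificate not validated
CRYPTO_PKI: Invalid cert.
"""

def split_messages(text):
    """Split before every CRYPTO_PKI prefix so fused messages come apart."""
    return [m.strip() for m in re.split(r"(?=CRYPTO_PKI)", text) if m.strip()]

def summarize(text):
    """Collect the checks that ran and the failure messages (hypothetical helper)."""
    out = {"eku": [], "key_usage_ok": False, "status": None,
           "revocation_error": False, "no_trustpoint": False, "validated": None}
    for msg in split_messages(text):
        eku = re.search(r"ExtendedKeyUsage OID = ([\d.]+)", msg)
        status = re.search(r"Certificate validation: Failed, status: (\d+)", msg)
        if eku:
            out["eku"].append(EKU_NAMES.get(eku.group(1), eku.group(1)))
        if status:
            out["status"] = int(status.group(1))
            out["validated"] = False
        if "Key Usage check OK" in msg:
            out["key_usage_ok"] = True
        if "Check Cert Revocation" in msg and "error" in msg:
            out["revocation_error"] = True
        if "No trust point found" in msg:
            out["no_trustpoint"] = True
        if "Certificate not validated" in msg or "Invalid cert" in msg:
            out["validated"] = False
    return out

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

On the posted output this reports a clientAuth EKU and a passing key usage check alongside both a revocation-step error and a missing trustpoint, which are the two messages to compare against the trustpoint configuration on the ASA.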