AnyConnect vs OpenConnect

hanoh haim hhaim.hanoh at gmail.com
Thu Oct 8 07:46:04 EDT 2020


Hi David,
This was a super fast response, didn’t expect that.

I’m using Linux with the latest kernel (5.4).
On the same machine AnyConnect works fine.

I have the installation script of AnyConnect; there are two .PEM files under
/opt/.cisco/certificate/ca/


adding "-c  *.pem"

returns

"Failed to determine type of private key "

How can I convert the two files to a client cert?
Shouldn’t the certificate be different per machine? It is the same for
all installations...


BTW,
I read your original email about the openconnect project in Linux mailer
describing the protocol. Very nice job hacking it.
Did you replace the openssl library with one that extracts the master
keys and look into the decrypted https sessions? Do you have something
describing how you reverse engineered it?

Thanks
Hanoh

On Thu, Oct 8, 2020 at 2:14 PM David Woodhouse <dwmw2 at infradead.org> wrote:
>
> On Thu, 2020-10-08 at 13:57 +0300, hanoh haim wrote:
> > Your client certificate will be used for authentication
> ...
> > Server requested SSL client certificate; none was configured
> ...
> > Certificate Validation Failure
> ...
> > Failed to obtain WebVPN cookie
> >
> >
> > Where can I find the Client Certificate of my AnyConnect?
>
> That depends on where your AnyConnect is running. Is it Linux? In that
> case I think it's bizarrely in your *Firefox* certificate store? If you
> set it up correctly in p11-kit you could probably ask OpenConnect to
> use it directly from there.
>
> On Windows it might be in the Windows certificate store. I think
> OpenConnect can use it from there if running on Windows, or if you want
> to take it elsewhere you might need to use JailBreak to extract it.



-- 
Hanoh
Sent from my iPhone
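
An added example, not part of the original messages: a client certificate passed with `-c` needs a matching private key, either in the same file or in a separate file given with `-k`, so a PEM file that holds only certificate blocks cannot serve as one. The sketch below lists the PEM block labels in a file and classifies it; the sample contents are constructed, the result names (`cert+key`, `cert-only`, ...) are hypothetical, and it assumes CA files hold only `CERTIFICATE` blocks.

```python
import re
import sys

# Matches one complete PEM block and captures its label, e.g. "RSA PRIVATE KEY".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

# Constructed sample inputs (the base64 bodies are placeholders, not real keys).
CA_FILE = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
CLIENT_FILE = (CA_FILE +
               "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
               "-----END PRIVATE KEY-----\n")


def pem_labels(text):
    """Return the labels of all complete PEM blocks in text, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def classify(text):
    """Say whether a PEM file could act as a client certificate by itself."""
    labels = pem_labels(text)
    has_cert = "CERTIFICATE" in labels
    # Covers "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
    # and "ENCRYPTED PRIVATE KEY".
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    if has_cert and has_key:
        return "cert+key"   # certificate and key together: usable with -c alone
    if has_cert:
        return "cert-only"  # no key inside: needs a separate key file (-k)
    if has_key:
        return "key-only"   # a key without its certificate
    return "no-pem"


if __name__ == "__main__":
    # With file arguments, classify each file; otherwise show the samples.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "r", errors="replace") as fh:
                print(path, classify(fh.read()))
    else:
        print("CA_FILE", classify(CA_FILE))
        print("CLIENT_FILE", classify(CLIENT_FILE))
```

A file reported as `cert-only` contains no private key, which is consistent with a key-loading error when it is used as the only credential file.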



More information about the openconnect-devel mailing list