openconnect with Belgian EID

David Woodhouse dwmw2 at
Tue Nov 5 07:36:09 EST 2013

On Tue, 2013-11-05 at 11:20 +0100, Christof Haerens wrote:
> I try to connect to cisco with openconnect and my Belgian EID card. My
> access is ok and no user/pw is needed. This is verified with my card
> and using the anyconnect on windows.

Hm, that really looks like it *ought* to be working. The only thing I
can think of is that your server might need the full certificate trust
chain, instead of just the 'leaf' cert itself. Can you ensure that your
certificate authorities are installed correctly (or just use the
--cafile option), and that you have a full trust chain for your personal
cert? That way, openconnect will *offer* that chain on the wire, which
might help with authentication.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <>

More information about the openconnect-devel mailing list