AnyConnect Secure Mobility Client (ACSMC) failed to connect to ocserv with certificate
tefeng
tefeng.em at gmail.com
Fri Jan 9 07:05:15 PST 2015
Thanks for your quick reply.

The 'profile.xml' was copied from the sample directory 'doc' without any
changes. This time I modified it on the server side as you demonstrated,
and also added the custom OID value in the client certificate's "Properties -
Extended Validation" dialog on win7. But it still doesn't work, with the same
error in the log file.

Then I tried 'openconnect-gui' and selected the client certificate in the
settings window. It seems OK except for the repeated prompt "DTLS
handshake failed: Resource temporarily unavailable, try again". Thanks.

regards,
tefeng

On 2015/1/9 21:00, David Woodhouse wrote:
> On Fri, 2015-01-09 at 20:54 +0800, tefeng wrote:
>> It seemed that ACSMC on win7 didn't recognize the certificate (imported
>> via 'mmc' command, the same way for strongSwan certificate which works OK).
>>
>> Any recommendations would be really appreciated. Thanks in adv.
> Were you looking for recommendations other than using OpenConnect on
> Windows? https://github.com/openconnect/openconnect-gui/wiki
>
> How does the Cisco client know which certificate to use? In the profile
> there is a <CertificateMatch> node which looks something like this:
>
> <CertificateMatch>
>   <KeyUsage>
>     <MatchKey>Digital_Signature</MatchKey>
>   </KeyUsage>
>   <ExtendedKeyUsage>
>     <ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
>     <CustomExtendedMatchKey>1.2.840.113741.1.5.1.101.1.5</CustomExtendedMatchKey>
>   </ExtendedKeyUsage>
> </CertificateMatch>
>
> Do you have something similar in your profile, and does the certificate
> you've imported match the criteria?
>