I built four ASAs with 10 SSL VPN users, and all but one have the same problem. I'm required to have AAA and user certificate authentication. After I did `crypto ca server user-db allow all-unenrolled`, I downloaded the user certs and tested a few to ensure I could authenticate with AAA and user certs. I was successful.
After a week or so I was going to test the whole path that VPN users will use. I was then unable to authenticate with the certificates; AnyConnect said "certificate validation failed".
The syslog errors I get are 71009 and 717027. I checked the CA and it is enabled, the dates on the certificates are still good, the time on the ASA is correct, and I have no cert revocations.
I am able to authenticate to the VPN when only using aaa.
After ensuring I could still authenticate, I created a test01 cert on one of the ASAs and installed it on my machine. I was then able to authenticate using AAA and user certs.
Any thoughts on why the user certs aren't working and how to fix it?
This is a LOCAL-CA-SERVER.
Newt