Apple iOS User Guide for Cisco AnyConnect Secure Mobility Client, Version 4.0.x
-🖥️-
Certificates are used to digitally identify each end of a VPN connection: the secure gateway, server, AnyConnect client, or user. The server certificate defines the secure gateway to AnyConnect, and the user certificate identifies the AnyConnect user of the secure gateway. Certificates are obtained from and verified by Certificate Authorities (CAs).
When establishing a connection, AnyConnect always expects a server certificate from the secure gateway. The secure portal does not expect a certificate from AnyConnect unless it is configured to do so. Expecting an AnyConnect user to enter credentials manually is another way to authenticate a VPN connection. In fact, the secure portal can be configured to authenticate AnyConnect users with a digital certificate, with manually entered credentials, or with both. Certificate authentication only allows VPNs to connect without user interaction.
The administrator directs the distribution and use of certificates on the secure portal and on your device. Follow the instructions provided by your administrator to import, use, and manage user and server certificates for AnyConnect VPNs. The information and procedures in this document relating to certificates and certificate management are provided for your understanding and reference.
AnyConnect stores user and server certificates for authentication in its own certificate store. The AnyConnect certificate store is managed from the Diagnostics > Certificates screen.
User Certificate Management
In order to authenticate the secure gateway with a digital certificate, the user’s certificate must be imported and configured to use a VPN.
User certificates are imported using one of the following methods, as directed by the administrator:
Once the certificate is imported, it can be associated with a specific connection entry or selected automatically during connection creation for authentication.
Server Certificate Management
A server certificate received from the secure gateway during connection establishment automatically authenticates that server to AnyConnect, if and only if it is valid and trusted. Other:
-
A valid, but untrusted server certificate is reviewed, licensed, and imported into the AnyConnect certificate store. Once the server certificate is imported into the AnyConnect store, subsequent connections made to the server with this digital certificate are automatically accepted.
-
An invalid certificate cannot be imported into the AnyConnect Store. It can only be accepted to complete the current connection. This is not recommended.
Server certificates in the AnyConnect Store can be deleted if they are no longer needed for authentication.
[ad_1]
Don’t forget to share this post with friends !
