Meraki Community

JohnT · ‎Apr 4 2022

Hi There, I currently have a working setup wtih AnyConnect and a Windows Certificate Authority and it work great. However, we have a few MacOs laptops that I'm struggling to figure out how to generate a user certificate request to process on my Windows certificate authority. The Macs are not domain joined. is this even possible? I would be interested to know if someone has this working.

CptnCrnch · ‎Apr 5 2022

Asa far as I'm informed, only AD joined devices will be able to automatically reveive and renew certificates. Everything else has to be done manually.

JohnT · ‎Apr 5 2022

We have such a small amount of Macs that I would be ok with a manual process. Ideally, the ability to do this from the command line would be optimal. I'm guessing there must be a way to generate a CSR and have it signed by the Windows CA.

jmyers96 · ‎Feb 3 2023

Hey John. Did you ever find a solution for this? We are deploying AnyConnect with the certificate authentication, and we have just a handful of Macs that we would like to utilize this function on as well.

JohnT · ‎Feb 3 2023

The only way we could get it to work was to install the Windows Certificate Server web server on our certificate authority. Each user on a Mac would have to run the certificate wizard in the keychain to create a certificate request and then submit it through the Windows certificate server. It's not ideal, but it works.

Also, just a heads up that using MacOS certificates and AnyConnect is broken on 17.10.2. We are working with support and are stuck on 16.16.3 right now.

Meraki Community

AnyConnect User Certificates on a Mac

AnyConnect User Certificates on a Mac