Setting up Cisco Any Connect with custom certificate

Announcer
Getting noticed


I have tested the MX AnyConnect and it works fine.  I wanted to have it so the certificate is trusted.  

I choose "custom" in "secure connection between MX and Cisco Secure clients" and click on "generate CSR".

For the Common Name, I'm struggling.

Do I put the dynamic host name: xxx-xxxxx.dynamic-m.com? If I go this route and enter the CSR in an SSL website, it asks to be authenticated via email going to admin@xxx-xxxxx.dynamic-m.com, which of course I don't have access to. How can this be resolved?


6 Replies
Mloraditch
Kind of a big deal

The custom cert option is if you want to use remote.yourdomain.com or similar. Meraki will auto-provision a trusted cert for the dynamic DNS URL, and no additional work is needed if you are OK providing that URL to your users.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
rhbirkelund
Kind of a big deal

To add to @Mloraditch: if you want to use your own domain for AnyConnect and you have an HA pair of MXes, you'll need to provide a certificate for both the active and standby MX.

You cannot use the same certificate for both.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for code execution is solely your own.
Announcer
Getting noticed

Thanks.  I do plan on using warm spare.

PhilipDAth
Kind of a big deal

The certificate used by Meraki for the AnyConnect head end is already a publicly trusted certificate.  Just connect to the DDNS name.

Announcer
Getting noticed

What do you mean by connect to the DDNS name? When I use the general one, I get the notification that the certificate is not trusted.

Mloraditch
Kind of a big deal

He's talking about this setting; whatever that URL is should work without certificate issues. If it's not, it's probably your endpoint's trusted roots not being up to date, but you can check with support to verify the cert is provisioned.

https://documentation.meraki.com/MX/Other_Topics/Dynamic_DNS_(DDNS)

 

 
