Meraki

Community

About Tor_in_Bergen

Re: Meraki MX Client VPN AnyConnect settings for Certificate-based authenti...

by in Security & SD-WAN
‎Aug 15 2023 2:39 AM
‎Aug 15 2023 2:39 AM
Got links from Support describing requirements for the certificates and have now set up a test with self-signed certificates. Seeing that things work if the certificate has the correct setup. This is anyway client authentication so the client needs private keys, remember to use a template that has client authorization as its use.   https://documentation.meraki.com/General_Administration/Other_Topics/Certificate_Requirements_for_TLS   https://learn.microsoft.com/en-GB/troubleshoot/windows-server/networking/certificate-requirements-eap-tls-peap ... View more

Re: Meraki MX Client VPN AnyConnect settings for Certificate-based authenti...

by in Security & SD-WAN
‎Aug 10 2023 12:50 AM
‎Aug 10 2023 12:50 AM
The DART bundle is nice stuff!   From the Anyconnect log in the bundle (from Cisco Secure Client) it’s looks like I do not have a VPN Profile. Therby If no certificate matching criteria is specified, Cisco Secure Client applies the following certificate matching rules: Key Usage: Digital_Signature Extended Key Usage: Client Auth   Should like to know if this message means that the CA root cert is okey;   "Description : Function: CTransportCurlStatic::PeerCertVerifyCB File: C:\temp\build\thehoff\Quicksilver_MR20.384855878117\Quicksilver_MR2\vpn\Api\CTransportCurlStatic.cpp Line: 1062 Return success from VerifyServerCertificate"   AND is it actually possible to change the crypto dialog by changing the clients XML by using Cisco Secure Client Profile Editor?  Seems like in the Certificate Matching module..?   Open a support case in this matter yes.. ... View more

Re: Meraki MX Client VPN AnyConnect settings for Certificate-based authenti...

by in Security & SD-WAN
‎Aug 9 2023 12:19 AM
‎Aug 9 2023 12:19 AM
Hi Alex,   We have taken out the Root CA certificate as .cer  (with BASE64 format)and uploaded it with the «Browse» button. Says «uploaded» but we are not sure it’s accepted. When we roll out a certificate to the client we  taught it would be sufficient with a client certificate from the same issuer as specified in the root cert. The subject/owner is the client itself so it’s different from the root Ca cert. From a cryptography perspective we  just want the AnyConnect server on the MX to accept all client certificates from the same  issuer (our own CA) The Secure Client is able to see the client certificate but will not accept it, seems like our root CA cert is not accepted, there are some requirements we not fulfill for sure but wich...?     ... View more

Re: Meraki MX Client VPN AnyConnect settings for Certificate-based authenti...

by in Security & SD-WAN
‎Aug 4 2023 12:23 AM
‎Aug 4 2023 12:23 AM
Hi Philip, We have found very little info about the cryptography in this matter, is it client auth in the process or not? We have used a workstation certificate template, not sure that’s the right one We have rolled out all the client certificates to the local machine store. When we uploaded our root certificate we expected AnyConnct to accept any client certificates issued to the local machine by our CA. Can you elaborate on what you mean here, how do we change crypto settings on the Anyconnect server on MX? ... View more

Meraki MX Client VPN AnyConnect settings for Certificate-based authenticati...

by in Security & SD-WAN
‎Aug 3 2023 5:03 AM
‎Aug 3 2023 5:03 AM
We are setting up AD authentication in the MX AnyConnect setting -its working fine until we enabled a certificate. The AnyConnect server on the MX supports client certificate authentication as a factor of authentication. If certificate authentication is enabled, the AnyConnect server will use the uploaded trusted CA certificate to validate authenticating clients before requesting for the users' credentials. We have a Windows CA in Enterprise mode, should we just export the Root certificate in PEM format, from Windows a file named .cer in Base64 format?? Manual says; With certificate authentication, the administrator uploads a .pem or .crt file of the issuing CA certificate to the MX.                                                                                                                                                        , Since we have our own CA we autoenroll a Workstation template based certificate to the end user's device.   It's not working as we hoped - Any ideas? ... View more
© 2025 Cisco Systems, Inc.