MX250 Cisco AnyConnect Custom Hostname Certificates

DTheMan
Here to help

MX250 Cisco AnyConnect Custom Hostname Certificates

Hello Everyone, 

 

Has anyone configured custom hostname certificate with Cisco MX250 AnyConnect VPN?  I am trying to add the certificate and receiving following error.

DTheMan_0-1653312341012.png

 

The URL I am following is https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance

 

3 Replies 3
CptnCrnch
Kind of a big deal
Kind of a big deal

Do you have a split Root- / Issuing CA setup? Have you uploaded the full certificate chain then?

PhilipDAth
Kind of a big deal
Kind of a big deal

I'm with @CptnCrnch - something is most likely wrong with the CA chain you are uploading.  Your certificate must be issued by the chain you are uploading.

 

Also, is there any reason to even both with the pain of using a custom DNS name?  You know you can configure AnyConnect to display your company name simply, so the user never sees the DNS name or have to type it in?  I have a tool for writing the AnyConnect profiles to do this.

https://www.ifm.net.nz/cookbooks/online-anyconnect-profile-editor.html 

Then you can just use the DDNS name, and use the automatic certificates, and never have to worry about renewing the certificates because it is automatic.

DTheMan
Here to help

@CptnCrnch  and @PhilipDAth 

 

I was able to resolve the problem by combining the CA Certificate and Intermediate cert in text file and renaming the .txt ext to .cer.

Get notified when there are additional replies to this discussion.