Server certificate problem with Cisco AnyConnect VPN Client

When I try to connect using the Cisco AnyConnect VPN Client, I receive this error:

Connection attempt has failed due to server certificate problem.

Connection attempt has failed due to server certificate problem.

I happened to have this problem in my previous Ubuntu 11.10 installation. That time I could fix it using some tutorials on the internet (I don't remember which one). Basically, they suggested installing 4-5 packages and then some ln -s. But this time none of them are working. Can anyone help me step by step?


Solution 1:

The following fix worked for me - fresh install of 12.04 LTS 32bit (with Firefox 12). Installed the AnyConnect client, then tried to run it.

Got this message:

AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network.

Checked syslog in Ubuntu. Lots of this sort of stuff:

CERTSTORE_ERROR_CERT_NOT_FOUND The /opt/.cisco/certificates/ca/ directory was not found

Created /.cisco/certificates/ca directories in /opt using sudo

cd /opt
sudo mkdir .cisco
cd .cisco/
sudo mkdir certificates
cd certificates/
sudo mkdir ca

We use Globalsign as our certificate authority. So I just copied all the Globalsign .pem files from /etc/ssl/certs. If you don't know your provider, you could just copy everything.

sudo cp /etc/ssl/certs/Global* /opt/.cisco/certificates/ca

or if CA is unknown

sudo cp /etc/ssl/certs/cd /etc/ssl/cert/* /opt/.cisco/certificates/ca

I was able to start the AnyConnect client and connect to the VPN

Hope this helps.

Solution 2:

I can confirm that this problem exists. Anyconnect client worked fine with 11.10 but stops working with 12.04. Old trick with links to firefox libraries does not work anymore. I end up using OpenConnect.

Installation: http://www.humans-enabled.com/2011/06/how-to-connect-ubuntu-linux-to-cisco.html Routing: http://www.redips.net/linux/vpn-client-and-routing-2/

More details on Cisco Anyconnect problem:

As you can see from log: user was able to login, but Anyconnect client still failed to establish vpn connection.

Cisco AnyConnect VPN Client (version 2.5.3055) .

state: Connecting
notice: Establishing VPN session...
notice: Checking for profile updates...
notice: Checking for product updates...
notice: Checking for customization updates...
notice: Checking for localization updates...
state: Connecting
notice: Establishing VPN session...
notice: Establishing VPN - Initiating connection...
state: Disconnecting
notice: Disconnect in progress, please wait...
state: Disconnected
notice: VPN session ended.
error: The certificate on the secure gateway is invalid. A VPN connection will not be established.

error: AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.
notice: Connection attempt has failed.
state: Disconnected