KB ID 0001279
Problem

We had a firewall fail at work this week, as part of the rebuild the latest OS was put on it, version 9.7(1). I thought no more about it until I tried to VPN in and got this;

I used my Windows 10 VM and that connected fine; only my MacBook could not connect. This VPN tunnel is a big deal, I need it to get onto clients' networks. I tried my other VPN connections and every one was fine, only the recently rebuilt one didn't work? I've seen OSX throw a wobbly with AnyConnect in the past, so I did a complete uninstall, deleted the opt/cisco folder and put on the latest version (4.4.00243 at time of writing). No change.
Connection attempt has failed due to server communication errors. Please retry the connection
A look in the client message history showed me this..
Connection attempt has failed.
No valid certificates available for authentication.
I checked my certificates and the certificate on the firewall; both they (and the certificate chain) were fine.
Debugging AnyConnect gave NO OUTPUT at all, but debugging SSL showed me this;
Try Googling that and getting a result! In fact that’s probably what brought you here.
Solution
If you change a Cisco OS and things like this stop working, normally it's because they've dropped support for something that's got a security hole in it. In the wake of the POODLE exploit I assumed it was an SSL/TLS problem, but that wasn't it.
I was in the right ball park though, and a bit of lateral thinking and SSL cipher problems I’ve had with ASDM, made me think, what if it’s SHA that’s been dropped because everyone is dropping SHA1 cause it’s the hashing algorithm of Satan?
Well, as soon as I added SHA1 ciphers back in, everything started working again!
Disclaimer: SHA1 is bad; where practical, all cert ciphers should be at least SHA256.
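To keep a SHA1 re-enable as narrow as possible, it helps to see which suites two cipher strings actually share and which MAC each one uses. The following is an added example, not code from the original post: it assumes the firewall's cipher names expand the same way as OpenSSL names on the machine running it, and the server and client strings are constructed samples, not values taken from the ASA or from AnyConnect.

```python
import re
import ssl

def expand(cipher_string):
    """Expand an OpenSSL-style cipher string to {suite name: MAC} via the local OpenSSL."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    suites = {}
    for c in ctx.get_ciphers():
        if c["protocol"] == "TLSv1.3":
            continue  # TLS 1.3 suites are always listed and are AEAD-only
        mac = re.search(r"Mac=(\S+)", c["description"])
        suites[c["name"]] = mac.group(1) if mac else "unknown"
    return suites

def shared_suites(server_string, client_string):
    """Suites both sides allow, as (name, MAC) pairs. Empty means the handshake fails."""
    server, client = expand(server_string), expand(client_string)
    return [(name, mac) for name, mac in server.items() if name in client]

def depends_on_sha1(server_string, client_string):
    """True when a handshake is possible but only through SHA1-MAC suites."""
    shared = shared_suites(server_string, client_string)
    return bool(shared) and all(mac == "SHA1" for _, mac in shared)

# Constructed samples (assumptions for illustration only).
SERVER_BEFORE = "ECDHE-RSA-AES256-GCM-SHA384:AES256-SHA256"  # SHA1-MAC suites dropped
SERVER_AFTER = SERVER_BEFORE + ":AES256-SHA"                 # one SHA1-MAC suite re-added
CLIENT = "AES256-SHA:AES128-SHA"                             # client limited to SHA1-MAC

if __name__ == "__main__":
    for label, server in (("before", SERVER_BEFORE), ("after", SERVER_AFTER)):
        shared = shared_suites(server, CLIENT)
        print(label, shared or "no shared suite", "sha1-only:", depends_on_sha1(server, CLIENT))
```

A result of `sha1-only: True` marks a connection that will break again the moment the SHA1 suites are removed, which is the client to fix before tightening the list.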