2-6
Cisco AnyConnect VPN Client Administrator Guide
OL-12950-012
Chapter 2 Common AnyConnect VPN Client Installation and Configuration Procedures
Before You Install the AnyConnect Client
Recommendation: Administrators should import the root certificate that was used to sign that server
certificate (for example, their own certificate authority or cacert.org) into every client machine out
of band via E-mail, website, floppy disk, and so on.
• Scenario B: The user gets the server certificate for the security appliance from the certificate
authority that sits on the security appliance.
The user sees the Security Alert pop-up on the first connection attempt but never thereafter until he
or she sw
itches to a different security appliance and back.
Recommendation: Administrators should import the root certificate of the certificate authority that
si
ts on the security appliance into every client machine out of band via E-mail, website, floppy disk,
and so on.
• Scenario C: the security appliance is at default configuration and certificates haven't been
configured.
When at default, the security applia
nce generates a self-signed server certificate that the
AnyConnect client does not trust.
The user sees the Security Alert pop-up on the first connection attempt but never thereafter until he
or she sw
itches to a different security appliance and back.
Recommendation: Administrators should correctly configure ce
rtificates on their security appliance
before attempting client connections to them.
In Response to a Microsoft Internet Explorer “Security Alert” Window
The following procedure explains how to install a self-signed certificate as a trusted root certificate on
a client in response to a Microsoft Internet Explorer Security Alert window. This window opens when
y
ou establish a Microsoft Internet Explorer connection to a security appliance that is not recognized as
a trusted site. The upper half of the Security Alert window shows the following text:
Information you exchange with this site cannot be viewed or changed by others.
However, there is a problem with the site's security certificate. The security
certificate was issued by a company you have not chosen to trust. View the certificate
to determine whether you want to trust the certifying authority.
Install the certificate as a trusted root certificate as follows:
Step 1 Click View Certificate in the Security Alert window.
The Certificate window opens.
Step 2 Click Install Certificate.
The Certificate Import W
izard Welcome opens.
Step 3 Click Next.
The Certificate Import Wizard – Ce
rtificate Store window opens.
Step 4 Select “Automatically select the certificate store based on the type of certificate.”
Step 5 Click Next.
The Certificate Import Wizard – Completing window opens.
Step 6 Click Finish.
Step 7 Another Security Warning window prompts “Do you want to install this certificate?” Click Yes.
The Certificate Import Wizard window indicates the import is successful.
Step 8 Click OK to close this window.
To Next Page
Loading...
Need help?
General