Cisco Bug: CSCvj09137 - Need to add the ability to select certificates for multi-cert authentication

Last Modified

Jun 22, 2018

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.7(1.250)

Description (partial)

Symptom:
- Unable to manually select the user certificate when doing multi-certificate authentication for the AnyConnect RA client.
- Multi-certificate authentication turns on automatic certificate selection (unable to disable; that is what we want to do with this enhancement).
- Have certificates from other domains on the card.
- Automatic certificate selection selects card for other domain.
- Authentication fails.

Conditions:
- Have multi-cert authentication (with machine and user cert) enabled.
-- This requires automatic cert selection.
- Everything works fine if there's a single machine cert and a single user cert.
- Everything works fine when a single machine cert and multiple user certs are available, as long as all certificates can authenticate to the domain, because no matter what it selects, it will authenticate.
- Some users have a smart card with multiple user certs, and one of them may be for a different network.
- Automatic certificate selection may select this certificate, which will fail to authenticate.
-- We can get AnyConnect to select the correct user certificate with certificate matching; however, this causes the machine certificate to be ignored.
-- We would like the ability to manually select the user cert from the smart card, while also still using automatic certificate selection in the machine certificate store (or other combinations).