03 March 2024

677. Cisco Anyconnect on debian 12.5 -- certificate issues

If you're getting

"AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again."

and

"The certificate on the secure gateway is invalid. A VPN connection will not be established"

when you're using Cisco AnyConnect on Debian 12 or later, it's because of read permissions (you can confirm by running vpnui with gksu). The solution is given here: Link

In brief, you'll need to edit /opt/cisco/anyconnect/AnyConnectLocalPolicy.xml and change 

<BypassDownloader>false</BypassDownloader>
<ExcludeFirefoxNSSCertStore>false</ExcludeFirefoxNSSCertStore>
<ExcludePemFileCertStore>false</ExcludePemFileCertStore>

to

<BypassDownloader>false</BypassDownloader>
<ExcludeFirefoxNSSCertStore>true</ExcludeFirefoxNSSCertStore>
<ExcludePemFileCertStore>false</ExcludePemFileCertStore>
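
The same edit as a script, added here as an example and not part of the original post or of Cisco's tooling: it keeps a backup, changes only ExcludeFirefoxNSSCertStore, and checks that exactly one line differs afterwards. The function names, the exit codes and the sample policy are this example's own; the sample is a constructed fragment, not a full AnyConnect policy file.

```shell
#!/bin/sh
# Added example: set ExcludeFirefoxNSSCertStore to true in an AnyConnect
# local policy file. Exit codes are this example's own convention.

exclude_nss_store() {
    policy=$1
    on='<ExcludeFirefoxNSSCertStore>true</ExcludeFirefoxNSSCertStore>'
    off='<ExcludeFirefoxNSSCertStore>false</ExcludeFirefoxNSSCertStore>'

    [ -f "$policy" ] || { echo "no such file: $policy" >&2; return 2; }
    # Already set: nothing to do, and an earlier backup is left alone.
    if grep -qF "$on" "$policy"; then return 0; fi
    # Refuse to guess if the element is absent or written differently.
    grep -qF "$off" "$policy" || { echo "element not found" >&2; return 3; }

    tmp=$(mktemp) || return 1
    cp -p "$policy" "$policy.bak" || { rm -f "$tmp"; return 1; }
    sed "s|$off|$on|" "$policy" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode stay unchanged.
    cat "$tmp" > "$policy" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"

    # Exactly one line may differ from the backup; otherwise roll back.
    changed=$(diff "$policy.bak" "$policy" | grep -c '^>' || true)
    [ "$changed" -eq 1 ] || { cp -p "$policy.bak" "$policy"; return 4; }
}

# Constructed sample policy for an offline dry run.
write_sample_policy() {
    cat > "$1" <<'EOF'
<AnyConnectLocalPolicy>
<BypassDownloader>false</BypassDownloader>
<ExcludeFirefoxNSSCertStore>false</ExcludeFirefoxNSSCertStore>
<ExcludePemFileCertStore>false</ExcludePemFileCertStore>
</AnyConnectLocalPolicy>
EOF
}
```

On a real system, run exclude_nss_store as root against /opt/cisco/anyconnect/AnyConnectLocalPolicy.xml; the previous file is kept beside it with a .bak suffix.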