

All 3 need to be in PEM format. Definitely don't use the system keychain, AnyConnect only looks in the login keychain (and the FF store, and the PEM file store). pem extension, private key needs to have same filename as client cert but with. You may have to remove the cert from the keychain to make this work. A third option is to put the certificates and key in ~/.cisco/certificates (the issuer cert in subdirectory /ca, the client cert in /client, the private key in /client/private). In other words, if you click Certificates in the Category pane in Keychain Access, and then click the cert, does it show the private key as linked to this cert? As a possible workaround: if you have Firefox installed then import the cert in FF (Preferences -> Advanced -> Encryption -> View certificates -> Import).


Now just to be sure: you did import the private key as well, right? I see a private key present in the screenshot, just want to make sure it is one that you imported along with the cert, not a key that just happens to have the same name but is a leftover from another test. As my colleague indicated, /var/log/system.log should hopefully give some indication as to what's wrong.
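A quick structural check of the PEM file store layout described above, added here as an example and not part of the original post. The function names `is_pem` and `check_store` are hypothetical, the private key is matched on the client cert's filename stem whatever its extension, and the permission check is an added caveat the post does not mention.

```shell
#!/bin/sh
# Added example (not from the post): structural check of the PEM file store.
# Layout per the post: <store>/ca, <store>/client, <store>/client/private.

# is_pem FILE LABEL_REGEX: true if FILE contains a matching PEM BEGIN line.
is_pem() {
    grep -Eq -- "^-----BEGIN $2-----" "$1" 2>/dev/null
}

# check_store DIR: prints each finding, returns the number of problems.
check_store() {
    store=$1
    problems=0
    flag() { echo "$1"; problems=$((problems + 1)); }

    for d in ca client client/private; do
        [ -d "$store/$d" ] || flag "missing directory: $store/$d"
    done
    for cert in "$store"/ca/* "$store"/client/*; do
        [ -f "$cert" ] || continue
        is_pem "$cert" 'CERTIFICATE' || flag "not a PEM certificate: $cert"
    done
    for cert in "$store"/client/*; do
        [ -f "$cert" ] || continue
        stem=$(basename "$cert"); stem=${stem%.*}
        found=0
        # Assumption: the key shares the cert's filename stem, any extension.
        for key in "$store"/client/private/"$stem".*; do
            [ -f "$key" ] || continue
            found=1
            is_pem "$key" '([A-Z]+ )?PRIVATE KEY' || flag "not a PEM private key: $key"
            # Added caveat, not from the post: the key should be owner-only.
            [ -z "$(find "$key" \( -perm -040 -o -perm -004 \))" ] ||
                flag "private key readable by group/others: $key"
        done
        [ "$found" -eq 1 ] || flag "no private key matching client cert: $cert"
    done
    return "$problems"
}

check_store "${1:-$HOME/.cisco/certificates}" || echo "problems found: $?"
```

This only checks layout, PEM armor and naming; it does not verify that the private key actually belongs to the certificate.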
