Fixing "Security Warning: Untrusted VPN Server Certificate!" with Cisco AnnyConnect on Linux
From Andreas Kotowicz - https://plus.google.com/+AndreasKotowicz/posts/2afhvvNZpE6
Fixing "Security Warning: Untrusted VPN Server Certificate!" with Cisco AnnyConnect on Linux
After an update of the Cisco AnnyConnect Secure Mobility Client for Linux in September 2012, the following error message showed up every time while trying to connect with the VPN server:
Security Warning: Untrusted VPN Server Certificate!
AnyConnect cannot verify VPN server: serverName
Certificate is from an untrusted source.
Connecting to this server may result in a severe security compromise!
What's funny about this error message is that it only shows up while trying to connect from Linux. Windows and MacOS don't seem to be affected. This is how I fixed it:
# cd into hidden '.cisco' directory:
$ cd /opt/.cisco/certificates
# rename ca directory
$ sudo mv ca ca.orig
# link system certificate directory to ca
$ sudo ln -sf /etc/ssl/certs/ ca
# restart vpn service
$ sudo /etc/init.d/vpnagentd restart
Alternatively, you can also download and install the certificate chain file from your VPN provider:
# cd into hidden '.cisco' directory:
$ cd /opt/.cisco/certificates/ca
# download certificate chain file (pem file) from you CA authority
$ sudo wget http://example.com/path/to/chain.txt
# rename file accordingly
$ sudo mv chain.txt my_vpn.pem
# restart Cisco AnyConnect & the error message should be gone.
# sudo cp /etc/ssl/certs/Global* /opt/.cisco/certificates/ca
From Andreas Kotowicz - https://plus.google.com/+AndreasKotowicz/posts/2afhvvNZpE6
Fixing "Security Warning: Untrusted VPN Server Certificate!" with Cisco AnnyConnect on Linux
After an update of the Cisco AnnyConnect Secure Mobility Client for Linux in September 2012, the following error message showed up every time while trying to connect with the VPN server:
Security Warning: Untrusted VPN Server Certificate!
AnyConnect cannot verify VPN server: serverName
Certificate is from an untrusted source.
Connecting to this server may result in a severe security compromise!
What's funny about this error message is that it only shows up while trying to connect from Linux. Windows and MacOS don't seem to be affected. This is how I fixed it:
# cd into hidden '.cisco' directory:
$ cd /opt/.cisco/certificates
# rename ca directory
$ sudo mv ca ca.orig
# link system certificate directory to ca
$ sudo ln -sf /etc/ssl/certs/ ca
# restart vpn service
$ sudo /etc/init.d/vpnagentd restart
Alternatively, you can also download and install the certificate chain file from your VPN provider:
# cd into hidden '.cisco' directory:
$ cd /opt/.cisco/certificates/ca
# download certificate chain file (pem file) from you CA authority
$ sudo wget http://example.com/path/to/chain.txt
# rename file accordingly
$ sudo mv chain.txt my_vpn.pem
# restart Cisco AnyConnect & the error message should be gone.
# sudo cp /etc/ssl/certs/Global* /opt/.cisco/certificates/ca