Server certificate problem with Cisco AnyConnect VPN Client

The following fix worked for me - fresh install of 12.04 LTS 32bit (with Firefox 12). Installed the AnyConnect client, then tried to run it.

Got this message:

AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network.

Checked syslog in Ubuntu. Lots of this sort of stuff:

CERTSTORE_ERROR_CERT_NOT_FOUND The /opt/.cisco/certificates/ca/ directory was not found

Created /.cisco/certificates/ca directories in /opt using sudo

cd /opt
sudo mkdir .cisco
cd .cisco/
sudo mkdir certificates
cd certificates/
sudo mkdir ca

We use Globalsign as our certificate authority. So I just copied all the Globalsign .pem files from /etc/ssl/certs. If you don't know your provider, you could just copy everything.

sudo cp /etc/ssl/certs/Global* /opt/.cisco/certificates/ca

or if CA is unknown

sudo cp /etc/ssl/certs/cd /etc/ssl/cert/* /opt/.cisco/certificates/ca

I was able to start the AnyConnect client and connect to the VPN

Hope this helps.

I can confirm that this problem exists. Anyconnect client worked fine with 11.10 but stops working with 12.04. Old trick with links to firefox libraries does not work anymore. I end up using OpenConnect.

Installation: http://www.humans-enabled.com/2011/06/how-to-connect-ubuntu-linux-to-cisco.html Routing: http://www.redips.net/linux/vpn-client-and-routing-2/

More details on Cisco Anyconnect problem:

As you can see from log: user was able to login, but Anyconnect client still failed to establish vpn connection.

Cisco AnyConnect VPN Client (version 2.5.3055) .

state: Connecting
notice: Establishing VPN session...
notice: Checking for profile updates...
notice: Checking for product updates...
notice: Checking for customization updates...
notice: Checking for localization updates...
state: Connecting
notice: Establishing VPN session...
notice: Establishing VPN - Initiating connection...
state: Disconnecting
notice: Disconnect in progress, please wait...
state: Disconnected
notice: VPN session ended.
error: The certificate on the secure gateway is invalid. A VPN connection will not be established.

error: AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.
notice: Connection attempt has failed.
state: Disconnected

Copying the certificates did not work, but a combination of the two ended up working for me:

cd /etc/ssl/certs/cd
sudo ln -s /etc/ssl/certs/Global* .

Then ...

sudo apt-get install firefox 
cd /opt/cisco/vpn/lib
sudo ln -s /usr/lib/firefox/lib*.so .

... and bingo. I can log into work now :)

This is how I did it.

cd /opt
sudo mkdir .cisco
cd .cisco/
sudo mkdir certificates
cd certificates/
sudo mkdir ca

I then found out which certificate authority we use, which was COMODO, found a site that uses this CA, downloaded it with a browser and put it into the

/opt/.cisco/certificates/ca/ directory

voila!

I tried these solutions listed above and none of them helped. But when I tried some of these solutions below having to do with the firefox libraries, I had success!

Override certificate error in Cisco AnyConnect Client on Ubuntu 12.04 64 bit

Cisco AnyConnect in 64bit Ubuntu Linux

I can't say which is the BEST solution, but I followed the directions on both of these sites and had success. Perhaps you can find a solution that works for you. If you know which one is the best, please let us know which variable solved the problem immediately. All I know is that after making some of these changes, I finally got my Cisco Anyconnect VPN working. I am Firefox on Ubuntu 12.04.

Problem solved on Ubuntu 12.04 64 bits. see here: http://www.oit.uci.edu/security/vpn/vpn-lin.html

Make sure that you have Firefox installed and are able to successfully launch it. If all is successful, there are a few other troubleshooting steps to try.