Tuesday, January 6, 2015

Cisco AnyConnect with Go Daddy (GoDaddy) Certificate Certificate Error (Not Trusted) in Safari (So on Apple Mac, iPhone, iPad, etc.)

Recently I had a client complain that Apple users were experiencing certificate errors.  The first thing I checked was to see if the intermediate certificate was installed.  It was.  But what I discovered is, it appears the ASDM only imports the first certificate in the bundle and that apparently Safari doesn't have Go Daddy as a trusted root CA.  I had to split the intermediate certificate into two files and install them.  Here is how I resolved the problem.

1) When you download your Certificate, choose "Apache" or "Other".

2) Open the file gd_bundle-g2-g1.crt, you'll see two certificates with
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

3) Remove the second certificate from the file and paste it into a new file, save the file with a .crt extension.  So you'll have two files.  The first with the first certificate in the file, the second with he second certificate.

4) Open the ASDM and log in.

5) Click on "Configuration", open "Certificate Management", click on "CA Certificates."  (Your ASDM Certificate should already be located under "Identity Certificates")

6) Click "Add", select your first file, click install certificate.  Repeat for the second file.

7) Click "Apply", then "Save".

If you have trouble with step 2, you can download the files from here-
https://www.dropbox.com/sh/ltvx4olrcev7osk/AAAubPLuFXfEoojewaHE9gUIa?dl=0

No comments:

Post a Comment