Success! Pulling in certs was the last thing it needed. I'm up and running and the vpn connection is working great. Thank you all very much for your help, I couldn't have gotten this far without it. R/S MM -----Original Message----- From: David Woodhouse [mailto:dwmw2 at infradead.org] Sent: Thursday, July 12, 2012 4:17 PM To: Mcclelland, Michael B Mr CTR USN USA Cc: openconnect-devel at lists.infradead.org Subject: Re: CAC modules On Thu, 2012-07-12 at 16:09 -0400, Mcclelland, Michael B wrote: > Just a quick update on my progress. The patch did fix my issue > presenting the certificate to the server; thanks again. I'm now to > find out why the ASA rejects my certificate when I connect with > Openclient. My first thought would be that the server doesn't have the full trust chain back to its root. You can use tcpdump to capture the exchange between you and the server: tcpdump -i eth0 -s 1500 host $VPNSERVER -w filename.cap Replace 'eth0' with the name of the interface you're using for your Internet connection. Perhaps it's 'wlan0' if you're on wireless. If you send me (in private) the capture files which show OpenConnect and the Cisco client connecting, we can compare the two. -- dwmw2