On Fri, 2015-01-09 at 20:54 +0800, tefeng wrote: > > It seemed that ACSMC on win7 didn't recognize the certificate (imported > via 'mmc' command, the same way for strongSwan certificate which works OK). > > Any recommendations would be really appreciated. Thanks in adv. Were you looking for recommendations other than using OpenConnect on Windows? https://github.com/openconnect/openconnect-gui/wiki How does the Cisco client know which certificate to use? In the profile there is a <CertificateMatch> node which looks something like this: <CertificateMatch> <KeyUsage> <MatchKey>Digital_Signature</MatchKey> </KeyUsage> <ExtendedKeyUsage> <ExtendedMatchKey>ClientAuth</ExtendedMatchKey> <CustomExtendedMatchKey>1.2.840.113741.1.5.1.101.1.5</CustomExtendedMatchKey> </ExtendedKeyUsage> </CertificateMatch> Do you have something similar in your profile, and does the certificate you've imported match the criteria? -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150109/68ad2b6d/attachment.bin>
