We are running Openconnect on rhel7 against Cisco ASA(with hostscan enabled). After an upgrade for hostscan that was released recently version 4.3.0538 we are having problems connecting. It seems to be due to a bugfix that cisco provided in this release: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/an yconnect43/release/notes/b_Release_Notes_AnyConnect_4_3.html#reference_ yfw_wnj_r1b "cstub should validate server certificates for a ssl connection" cstub binary is triggered by the cisco-wrapper script and tries to communicate with the vpn server but fails because it can not verify the root CA certificate. We have tried to place the root CA certificate in every thinkable certstore but no luck. When running strace on cstub it looks like its actually reading the root CA cert from for example /opt/.cisco/certificates/ca but the certificate validation still fails. Is anyone else experiencing this problem ? -- Peter Magnusson ITpc SMHI Telefon 011-495 8547 Fax 011-4958350 Epost Peter.Magnusson at smhi.se 601 76 Norrk?ping Bes?ksadress Folkborgsv?gen 17 www.smhi.se
