Openconnect and Cisco hostscan

On Tue, 2017-09-12 at 15:11 +0000, Magnusson Peter wrote:
> We are running Openconnect on rhel7 against Cisco ASA (with hostscan
> enabled). After an upgrade for hostscan that was released recently
> version 4.3.0538 we are having problems connecting.
> 
> It seems to be due to a bugfix that cisco provided in this release:
> https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect43/release/notes/b_Release_Notes_AnyConnect_4_3.html#reference_yfw_wnj_r1b
> "cstub should validate server certificates for a ssl connection"
> 
> cstub binary is triggered by the cisco-wrapper script and tries to
> communicate with the vpn server but fails because it can not verify
> the root CA certificate.
> 
> We have tried to place the root CA certificate in every thinkable
> certstore but no luck. When running strace on cstub it looks like it's
> actually reading the root CA cert from for example
> /opt/.cisco/certificates/ca but the certificate validation still
> fails.

Is the cstub a program for RHEL7? If yes, it should read the
certificates from the locations documented in update-ca-trust manpage.
Otherwise you may want to use strace to figure out where it looks for
them.

regards,
Nikos
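
The strace check suggested in this thread, as an added example that is not part of the original messages: a filter that lists the certificate-related paths a traced program tried to open and whether each open succeeded. The sample trace lines, the .pem file name and the /home/user path are constructed for illustration and are not real cstub output.

```bash
#!/usr/bin/env bash
# Summarise which certificate-related paths a traced program tried to open.
# Capture a trace first, for example:
#   strace -f -e trace=open,openat -o /tmp/cstub.trace COMMAND
# where COMMAND is whatever starts the program under test.

# Constructed sample trace (assumption: not real cstub output).
sample_trace() {
cat <<'EOF'
4711 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4711 open("/etc/pki/tls/certs/ca-bundle.crt", O_RDONLY) = -1 ENOENT (No such file or directory)
4711 openat(AT_FDCWD, "/opt/.cisco/certificates/ca", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 4
4711 openat(AT_FDCWD, "/opt/.cisco/certificates/ca/example-root.pem", O_RDONLY) = 5
4712 openat(AT_FDCWD, "/home/user/.cisco/certificates/ca", O_RDONLY|O_DIRECTORY) = -1 EACCES (Permission denied)
EOF
}

# Reads strace output on stdin and prints "<result> <path>" for every
# open()/openat() whose path looks certificate-related.
# <result> is OK on success, otherwise the errno name (ENOENT, EACCES, ...).
cert_lookups() {
  awk '
    /open(at)?\(/ {
      # The first double-quoted string on the line is the path argument.
      if (match($0, /"[^"]*"/) == 0) next
      path = substr($0, RSTART + 1, RLENGTH - 2)
      if (path !~ /(cert|pki|ssl|\.pem$|\.crt$)/) next
      # The syscall result follows the last " = ".
      n = split($0, parts, " = ")
      res = parts[n]
      if (res ~ /^-1 /) { split(res, e, " "); status = e[2] } else status = "OK"
      print status, path
    }'
}

# Run the filter over the constructed sample.
sample_trace | cert_lookups
```

A path reported as OK only shows that the file or directory was opened, not that its contents were accepted during validation.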
