Cisco 5505 - ASA Firewall Edition Bundle Administrator's Manual page 24


Before You Install the AnyConnect Client
Recommendation: Administrators should import the root certificate that was used to sign that server certificate (for example, their own certificate authority or cacert.org) into every client machine out of band via E-mail, website, floppy disk, and so on.

Scenario B: The user gets the server certificate for the security appliance from the certificate authority that sits on the security appliance.
The user sees the Security Alert pop-up on the first connection attempt but never thereafter until he or she switches to a different security appliance and back.
Recommendation: Administrators should import the root certificate of the certificate authority that sits on the security appliance into every client machine out of band via E-mail, website, floppy disk, and so on.

Scenario C: The security appliance is at default configuration and certificates haven't been configured.
When at default, the security appliance generates a self-signed server certificate that the AnyConnect client does not trust.
The user sees the Security Alert pop-up on the first connection attempt but never thereafter until he or she switches to a different security appliance and back.
Recommendation: Administrators should correctly configure certificates on their security appliance before attempting client connections to them.

In Response to a Microsoft Internet Explorer "Security Alert" Window
The following procedure explains how to install a self-signed certificate as a trusted root certificate on a client in response to a Microsoft Internet Explorer Security Alert window. This window opens when you establish a Microsoft Internet Explorer connection to a security appliance that is not recognized as a trusted site. The upper half of the Security Alert window shows the following text:

    Information you exchange with this site cannot be viewed or changed by others.
    However, there is a problem with the site's security certificate. The security
    certificate was issued by a company you have not chosen to trust. View the certificate
    to determine whether you want to trust the certifying authority.

Install the certificate as a trusted root certificate as follows:

Step 1  Click View Certificate in the Security Alert window.
        The Certificate window opens.
Step 2  Click Install Certificate.
        The Certificate Import Wizard Welcome opens.
Step 3  Click Next.
        The Certificate Import Wizard – Certificate Store window opens.
Step 4  Select "Automatically select the certificate store based on the type of certificate."
Step 5  Click Next.
        The Certificate Import Wizard – Completing window opens.
Step 6  Click Finish.
Step 7  Another Security Warning window prompts "Do you want to install this certificate?" Click Yes.
        The Certificate Import Wizard window indicates the import is successful.
Step 8  Click OK to close this window.
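
The recommendations above call for distributing the root certificate out of band, while the procedure trusts whichever certificate the alert presents. The PowerShell script below is an added example, not taken from the Cisco guide: it compares a certificate file's SHA-256 fingerprint with one received from the appliance administrator over a separate channel, and imports the file into the Trusted Root store only on a match. The parameter names and the choice of the machine-wide store (which requires an elevated prompt) are assumptions.

```powershell
# Added example (not from the Cisco guide). Parameter names are illustrative.
# Run from an elevated prompt: it writes to the LocalMachine Trusted Root store.
param(
    [Parameter(Mandatory = $true)] [string] $CertPath,       # exported root certificate (.cer)
    [Parameter(Mandatory = $true)] [string] $ExpectedSha256  # fingerprint received out of band
)
$ErrorActionPreference = 'Stop'

# Normalize the expected fingerprint: drop colons/spaces, force upper case.
$expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($expected.Length -ne 64) {
    throw "Expected fingerprint must be 64 hex digits (SHA-256), got $($expected.Length)."
}

# Load the file for inspection only; nothing is installed at this point.
$path = (Resolve-Path -LiteralPath $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

# SHA-256 over the DER-encoded certificate.
$sha = [System.Security.Cryptography.SHA256]::Create()
try {
    $actual = -join ($sha.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') })
} finally {
    $sha.Dispose()
}

if ($actual -cne $expected) {
    throw "Fingerprint mismatch. File: $actual  Expected: $expected. Certificate NOT imported."
}

# A trusted root should be self-issued and inside its validity period.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Subject and Issuer differ; this is not a root certificate: $($cert.Subject)"
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Fingerprint verified: add the certificate to the machine-wide Trusted Root store.
Import-Certificate -FilePath $path -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Write-Output "Imported $($cert.Subject) (SHA-256 $actual) into LocalMachine\Root."
```
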
Cisco AnyConnect VPN Client Administrator Guide
2-6
Chapter 2
Common AnyConnect VPN Client Installation and Configuration Procedures
OL-12950-012
