The objective of this article is to guide you through creating and installing a self-signed certificate as a trusted source on a Windows machine. This will eliminate the “Untrusted Server” warning in AnyConnect.
The Cisco AnyConnect Virtual Private Network (VPN) Mobility Client provides remote users with a secure VPN connection. It provides the benefits of a Cisco Secure Sockets Layer (SSL) VPN client and supports applications and functions unavailable to a browser-based SSL VPN connection. Commonly used by remote workers, AnyConnect VPN lets employees connect to the corporate network infrastructure as if they were physically at the office, even when they are not. This adds to the flexibility, mobility, and productivity of your workers.
Certificates are important in the communication process and are used to verify the identity of a person or device, authenticate a service, or encrypt files. Self-signed certificate is a SSL certificate which is signed by its own creator.
When connecting to AnyConnect VPN Mobility Client for the first time, users may encounter an “Untrusted Server” warning as shown in the image below.
Follow the steps in this article to install a self-signed certificate as a trusted source on a Windows machine, to eliminate this issue.
As a prerequisite, you need to ensure that your router has the correct time set, including time zone and daylight savings time settings.
Navigate to System Configuration > Time.
Ensure that everything is set correctly.
Log into the RV34x series router and navigate to Administration > Certificate.
Click on Generate CSR/Certificate.
Fill out the following information:
Click on Generate.
Select the Certificate that was just created and click on Select as Primary Certificate.
Refresh the Web User Interface (UI). Since it is a new certificate, you will need to log in again. Once you have logged in, go to VPN > SSL VPN.
Change Certificate File to the newly created Certificate.
Click Apply.
To install a self-signed certificate as a trusted source on a Windows machine, to eliminate the “Untrusted Server” warning in AnyConnect, follow these steps:
Log into the RV34x series router and navigate to Administration > Certificate.
Select the default self-signed Certificate and click on the Export button to download your Certificate.
In the Export Certificate window, enter a password for your Certificate. Re-enter the password in the Confirm Password field and then click Export.
You will see a pop-up window to notify that the Certificate has been downloaded successfully. Click Ok.
Once the Certificate has been downloaded to your PC, locate the file, and double click it.
The Certificate Import Wizard window will appear. For the Store Location, select Local Machine. Click Next.
On the following screen Certificate location and information will be displayed. Click Next.
Enter the Password you selected for the Certificate and click Next.
On the next screen, select Place all certificates in the following store and then click on Browse.
Select Trusted Root Certification Authorities and click OK.
Click Next.
A summary of the settings will be displayed. Click Finish to import the Certificate.
You will see a confirmation that the Certificate was imported successfully. Click OK.
Open Cisco AnyConnect and attempt to connect again. You should no longer see the Untrusted Server warning.
There you have it! You have now successfully learned the steps to install a self-signed certificate as a trusted source on a Windows machine, to eliminate the “Untrusted Server” warning in AnyConnect.