Hi David,

This was a super fast response, didn’t expect that.

I’m using Linux with the latest kernel (5.4).
On the same machine AnyConnect works fine.

I have the installation script of AnyConnect; there are two .PEM files under /opt/.cisco/certificate/ca/
Adding "-c *.pem" returns "Failed to determine type of private key"

How can I convert the two files to a client cert? Shouldn’t the certificate be different per machine? It is the same for all installations ..

BTW I read your original email about the openconnect project in the Linux mailer describing the protocol. Very nice job hacking it.
Did you replace the openssl library with one that extracts the master keys and look into the decrypted https sessions?
Do you have something describing how you reverse engineered it?

Thanks
Hanoh

On Thu, Oct 8, 2020 at 2:14 PM David Woodhouse <dw...@infradead.org> wrote:
>
> On Thu, 2020-10-08 at 13:57 +0300, hanoh haim wrote:
> > Your client certificate will be used for authentication
> ...
> > Server requested SSL client certificate; none was configured
> ...
> > Certificate Validation Failure
> ...
> > Failed to obtain WebVPN cookie
> >
> >
> > Where can I find the Client Certificate of my AnyConnect?
>
> That depends on where your AnyConnect is running. Is it Linux? In that
> case I think it's bizarrely in your *Firefox* certificate store? If you
> set it up correctly in p11-kit you could probably ask OpenConnect to
> use it directly from there.
>
> On Windows it might be in the Windows certificate store. I think
> OpenConnect can use it from there if running on Windows, or if you want
> to take it elsewhere you might need to use JailBreak to extract it.

--
Hanoh
Sent from my iPhone

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel