Fixing Cisco AnyConnect Certificate Verification on Linux
I needed Cisco AnyConnect to connect to my school’s VPN, and when I tried to do that I got the “Authentication failed due to problem verifying server certificate” error.
The problem was that my system was missing the VPN gateway’s certificate. To solve this, I had to add the certificate to my local machine’s certificate store using the following commands. Replace <VPN_GATEWAY> with your VPN gateway’s address (e.g., vpn.my-school.example) and <CERT_NAME> with a suitable name related to the gateway (e.g., my-school resulting in my-school.crt):
# Download the certificate chain
echo | openssl s_client -connect <VPN_GATEWAY>:443 -showcerts 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/tmp-certs.pem
# Install the downloaded chain as a locally trusted certificate file (it is copied as one file, not split; the .crt extension is required)
sudo cp /tmp/tmp-certs.pem /usr/local/share/ca-certificates/<CERT_NAME>.crt
# Update certificate store
sudo update-ca-certificates
Restart the AnyConnect client and you should be able to connect to the VPN gateway.
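The chain above is fetched over the same connection it is later used to authenticate, so it is worth comparing it against a SHA-256 fingerprint obtained from the VPN operator through a separate channel before the `sudo cp` step. The following is an added example, not part of the original post: the function names are hypothetical and the sample blocks are constructed stand-ins rather than real certificates. It splits the chain and computes each block's fingerprint as the SHA-256 of its DER bytes, which is the value `openssl x509 -noout -fingerprint -sha256` reports.

```shell
#!/bin/sh
# Added example: check a downloaded chain against a known-good SHA-256 fingerprint.

# split_chain FILE DIR: write each PEM block to DIR/cert-N.pem, print the count.
split_chain() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }
    ' "$1"
}

# pem_sha256 FILE: SHA-256 over the decoded (DER) bytes of one PEM block.
pem_sha256() {
    grep -v -e '-----' "$1" | tr -d ' \r\n' | base64 -d | sha256sum | cut -d' ' -f1
}

# normalize_fp FP: accept "AB:CD:.." or "abcd.." and print lowercase hex.
normalize_fp() { printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'; }

# chain_has_fp FILE FP: succeed only if a certificate in FILE matches FP.
chain_has_fp() {
    want=$(normalize_fp "$2")
    dir=$(mktemp -d) || return 2
    split_chain "$1" "$dir" >/dev/null
    rc=1
    for f in "$dir"/cert-*.pem; do
        [ -e "$f" ] || continue
        if [ "$(pem_sha256 "$f")" = "$want" ]; then rc=0; fi
    done
    rm -rf "$dir"
    return "$rc"
}

# Constructed sample: two PEM-framed blocks whose bodies are the base64 of
# "hello" and "abc", NOT real certificates, so the script runs offline.
make_sample() {
    cat > "$1" <<'EOF'
-----BEGIN CERTIFICATE-----
aGVsbG8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
EOF
}

# Real use: chain_has_fp /tmp/tmp-certs.pem "<FINGERPRINT_FROM_VPN_OPERATOR>" || exit 1
```

Source the functions, run `chain_has_fp` on `/tmp/tmp-certs.pem`, and continue with the install only if it returns success.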