Cisco Cisco AnyConnect Secure Mobility Client v4.x Release Notes
Performing the following workaround actions could corrupt the user certificate if you perform them
incorrectly. Use extra caution when specifying changes to the certificate.
incorrectly. Use extra caution when specifying changes to the certificate.
Caution
You can use the Microsoft Certutil.exe utility to modify the certificate CSP values. Certutil is a command-line
utility for managing a Windows CA, and is available in the Microsoft Windows Server 2003 Administration
Tools Pack. You can download the Tools Pack at this URL:
utility for managing a Windows CA, and is available in the Microsoft Windows Server 2003 Administration
Tools Pack. You can download the Tools Pack at this URL:
Follow this procedure to run Certutil.exe and change the Certificate CSP values:
1
Open a command window on the endpoint computer.
2
View the certificates in the user store along with their current CSP value using the following
command:certutil -store -user My
command:certutil -store -user My
The following example shows the certificate contents displayed by this command:
================ Certificate 0 ================
Serial Number: 3b3be91200020000854b
Issuer: CN=cert-issuer, OU=Boston Sales, O=Example Company, L=San Jose,
S=CA, C=US, E=csmith@example.com
NotBefore: 2/16/2011 10:18 AM
NotAfter: 5/20/2024 8:34 AM
Subject: CN=Carol Smith, OU=Sales Department, O=Example Company, L=San Jose, S=C
A, C=US, E=csmith@example.com
Non-root Certificate
Template:
Cert Hash(sha1): 86 27 37 1b e6 77 5f aa 8e ad e6 20 a3 14 73 b4 ee 7f 89 26
Serial Number: 3b3be91200020000854b
Issuer: CN=cert-issuer, OU=Boston Sales, O=Example Company, L=San Jose,
S=CA, C=US, E=csmith@example.com
NotBefore: 2/16/2011 10:18 AM
NotAfter: 5/20/2024 8:34 AM
Subject: CN=Carol Smith, OU=Sales Department, O=Example Company, L=San Jose, S=C
A, C=US, E=csmith@example.com
Non-root Certificate
Template:
Cert Hash(sha1): 86 27 37 1b e6 77 5f aa 8e ad e6 20 a3 14 73 b4 ee 7f 89 26
Key Container = {F62E9BE8-B32F-4700-9199-67CCC86455FB}
Unique container name: 46ab1403b52c6305cb226edd5276360f_c50140b9-ffef-4600-ada
Unique container name: 46ab1403b52c6305cb226edd5276360f_c50140b9-ffef-4600-ada
6-d09eb97a30f1
Provider = Microsoft Enhanced RSA and AES Cryptographic Provider
Signature test passed
3
Identify the <CN> attribute in the certificate. In the example, the CN is Carol Smith. You need this
information for the next step.
information for the next step.
4
Modify the certificate CSP using the following command. The example below uses the subject <CN>
value to select the certificate to modify. You can also use other attributes.
value to select the certificate to modify. You can also use other attributes.
On Windows 7 or later, use this command: certutil -csp "Microsoft Enhanced RSA and AES Cryptographic
Provider" -f -repairstore -user My <CN> carol smith
Provider" -f -repairstore -user My <CN> carol smith
5
Repeat step 2 and verify the new CSP value appears for the certificate.
Configuring Antivirus Applications for Host Scan
Antivirus applications can misinterpret the behavior of some of the applications included in the posture module
and the Host Scan package as malicious. Before installing the posture module or Host Scan package, configure
your antivirus software to “white-list” or make security exceptions for these Host Scan applications:
and the Host Scan package as malicious. Before installing the posture module or Host Scan package, configure
your antivirus software to “white-list” or make security exceptions for these Host Scan applications:
• cscan.exe
• ciscod.exe
• cstub.exe
Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.3
22
Release Notes for AnyConnect Secure Mobility Client, Release 4.3
Configuring Antivirus Applications for Host Scan