Cisco Cisco AnyConnect Secure Mobility Client v4.x User Guide
Procedure
Step 1
From the AnyConnect home window, tap Connection. Then, long-press the connection entry to display the Select Action
window.
window.
Step 2
Tap Delete connection.
Configure Certificates
About Certificates on Your AndroidDevice
Certificates are used to digitally identify each end of the VPN connection: the secure gateway, or the server, and the AnyConnect
client, or the user. A server certificate identifies the secure gateway to AnyConnect, and a user certificate identifies the AnyConnect
user to the secure gateway. Certificates are obtained from and verified by Certificate Authorities (CAs).
client, or the user. A server certificate identifies the secure gateway to AnyConnect, and a user certificate identifies the AnyConnect
user to the secure gateway. Certificates are obtained from and verified by Certificate Authorities (CAs).
When establishing a connection, AnyConnect always expects a server certificate from the secure gateway. The secure gateway expects
a certificate from AnyConnect only if it has been configured to do so. Expecting the AnyConnect user to manually enter credentials
is another way to authenticate a VPN connection. In fact, the secure gateway can be configured to authenticate AnyConnect users
with a digital certificate, with manually entered credentials, or with both. Certificate-only authentication allows VPNs to connect
without user intervention.
a certificate from AnyConnect only if it has been configured to do so. Expecting the AnyConnect user to manually enter credentials
is another way to authenticate a VPN connection. In fact, the secure gateway can be configured to authenticate AnyConnect users
with a digital certificate, with manually entered credentials, or with both. Certificate-only authentication allows VPNs to connect
without user intervention.
Distribution to and use of certificates by, the secure gateway and your device, are directed by your administrator. Follow directions
provided by your administrator to import, use, and manage server and user certificates for AnyConnect VPNs. Information and
procedures in this document related to certificates and certificate management are provided for your understanding and reference.
provided by your administrator to import, use, and manage server and user certificates for AnyConnect VPNs. Information and
procedures in this document related to certificates and certificate management are provided for your understanding and reference.
AnyConnect stores both user and server certificates for authentication in its own certificate store on the Android device. The AnyConnect
certificate store is managed from the Menu > Diagnostics > Certificate Management screen; you can also view Android System
certificates here.
certificate store is managed from the Menu > Diagnostics > Certificate Management screen; you can also view Android System
certificates here.
About User Certificates
In order for you, the AnyConnect user, to authenticate to the secure gateway using a digital certificate, you need a user certificate in
the AnyConnect certificate store on your device. User certificates are imported using one of the following methods, as directed by
your administrator:
In order for you, the AnyConnect user, to authenticate to the secure gateway using a digital certificate, you need a user certificate in
the AnyConnect certificate store on your device. User certificates are imported using one of the following methods, as directed by
your administrator:
• Imported automatically after clicking a hyperlink provided by your administrator in an email or on a web page.
• Imported manually by you from the device's file system, from the device's credential storage, or from a network server.
• Imported when connecting to a secure gateway that has been configured by your administrator to provide you with a certificate.
Once imported, the certificate can be associated with a particular connection entry or selected automatically during connection
establishment to authenticate.
establishment to authenticate.
You can delete user certificates from the AnyConnect store if they are no longer needed for authentication.
About Server Certificates
A server certificate received from the secure gateway during connection establishment automatically authenticates that server to
AnyConnect, if and only if it is valid and trusted. Otherwise:
A server certificate received from the secure gateway during connection establishment automatically authenticates that server to
AnyConnect, if and only if it is valid and trusted. Otherwise:
• A valid, but untrusted server certificate can be reviewed, authorized, and imported to the AnyConnect certificate store. Once a
server certificate is imported into the AnyConnect store, subsequent connections made to the server using this digital certificate
are automatically accepted.
are automatically accepted.
7