How do I fix the "Security Warning: Untrusted VPN Server Certificate!" warning on Linux systems when running the AnyConnect VPN client?

This FAQ was last modified on: Thursday, January 4, 2018 04:51pm

On Linux, AnyConnect is only officially supported on the most recent versions of Red Hat and Ubuntu; however, it will work on many other Linux releases without significant issue.

On some Linux systems, particularly releases that are not officially supported, users have encountered an issue where the server certificate is untrusted, even though the user's certificate store and system are up to date and the machine's time is set correctly. Here is a procedure that has worked for some users to resolve this issue.

*We cannot guarantee that this will resolve your issue, especially if you are using a version of Linux that Cisco does not support.*

This is adapted from a solution posted publicly by Andreas Kotowicz to Google+.

When connecting to (or any of the VPN services hosted by OIT), the following error appears: 


# cd into hidden '.cisco' directory:
$ cd /opt/.cisco/certificates

# rename ca directory
$ sudo mv ca ca.orig

# link system certificate directory to ca
$ sudo ln -sf /etc/ssl/certs/ ca

# restart vpn service
$ sudo /etc/init.d/vpnagentd restart

Alternatively, you can also download and install the certificate chain file from the VPN appliance:

# cd into hidden '.cisco' directory:
$ cd /opt/.cisco/certificates/ca

# download certificate chain file (pem file) from your CA
$ sudo wget

# rename file accordingly
$ sudo mv chain.txt my_vpn.pem

# restart Cisco AnyConnect & the error message should be gone.
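
Because the downloaded chain file is being added to AnyConnect's CA directory, it is worth checking what it contains before renaming it into place. The following is an added example, not part of the original FAQ or of Cisco's tooling: a shell script (the script name check_chain.sh and the function names are assumptions) that uses the openssl command-line tool to list each certificate's SHA-256 fingerprint, expiry date and subject, and to compare them against a fingerprint obtained from the VPN administrator.

```shell
#!/bin/sh
# Added example (not from the original FAQ): inspect a downloaded PEM chain
# file before it is placed in /opt/.cisco/certificates/ca.
# Assumes the openssl command-line tool is installed.

# Print "sha256-fingerprint<TAB>notAfter<TAB>subject" for each certificate in
# the bundle. Fails if the file has no certificate or any certificate expired.
inspect_chain() (
    bundle=$1; count=0; status=0
    workdir=$(mktemp -d) || exit 2
    # Split the bundle into one file per certificate.
    awk -v dir="$workdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%03d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { if (out != "") close(out); out = "" }
    ' "$bundle"
    for cert in "$workdir"/cert*.pem; do
        [ -e "$cert" ] || break
        count=$((count + 1))
        fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256 | cut -d= -f2)
        end=$(openssl x509 -in "$cert" -noout -enddate | cut -d= -f2)
        subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
        # -checkend 0 exits non-zero when the certificate has already expired.
        if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
            echo "EXPIRED: $subj" >&2
            status=1
        fi
        printf '%s\t%s\t%s\n' "$fp" "$end" "$subj"
    done
    rm -rf "$workdir"
    [ "$count" -gt 0 ] || exit 1
    exit "$status"
)

# Succeed only if the fingerprint obtained out of band appears in the bundle.
chain_has_fingerprint() {
    inspect_chain "$1" 2>/dev/null | cut -f1 | grep -ixF "$2" >/dev/null
}

# Usage (script name is hypothetical): sh check_chain.sh chain.txt [FINGERPRINT]
if [ "$#" -ge 1 ]; then
    inspect_chain "$1" || exit 1
    if [ -n "${2:-}" ] && ! chain_has_fingerprint "$1" "$2"; then
        echo "expected fingerprint not found in $1" >&2
        exit 1
    fi
fi
```

Run it against chain.txt before the mv step; a non-zero exit means the file is empty, contains an expired certificate, or does not contain the expected fingerprint.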