Cisco VPN: fixing the "server certificate" error

This article is from lihao's Blog; please credit the source when reposting.

After installing the Cisco AnyConnect VPN client on the latest CentOS 6.5, I ran into some problems.

/opt/cisco/vpn/bin/vpn connect 1.1.1.1

Cisco AnyConnect VPN Client (version 2.4.0202) .
Copyright (c) 2004 – 2009 Cisco Systems, Inc.All Rights Reserved.
>> state: Disconnected
>> warning: No profile is available.  Please enter host to “Connect to”.
>> registered with local VPN subsystem.
>> state: DisconnectedVPN>
>> contacting host (1.1.1.1) for login information…
>> notice: Contacting 1.1.1.1.
>> warning: Unable to process response from 1.1.1.1.
>> error: Connection attempt has failed due to server certificate problem.
>> state: Disconnected

Check the /var/log/messages log.

May 24 11:24:40 lihao vpncli[7150]: Function: loadLibs File: Certificates/NSSCertUtils.cpp Line: 1339 Invoked Function: getNSSDllPath Return Code: -31391726 (0xFE210012) Description: CERTSTORE_ERROR_NSS_LIBRARIES_NOT_FOUND Unable to locate library libplc4.so
May 24 11:24:40 lihao vpncli[7150]: Function: CNSSCertUtils File: Certificates/NSSCertUtils.cpp Line: 272 Invoked Function: CNSSCertUtils::loadLibs Return Code: -31391726 (0xFE210012) Description: CERTSTORE_ERROR_NSS_LIBRARIES_NOT_FOUND
May 24 11:24:40 lihao vpncli[7150]: Function: CNSSCertStore File: Certificates/NSSCertStore.cpp Line: 55 Invoked Function: CNSSCertUtils Return Code: -31391726 (0xFE210012) Description: CERTSTORE_ERROR_NSS_LIBRARIES_NOT_FOUND
May 24 11:24:40 lihao vpncli[7150]: Function: addNSSStore File: Certificates/CollectiveCertStore.cpp Line: 937 Invoked Function: CNSSCertStore::CNSSCertStore Return Code: -31391726 (0xFE210012) Description: CERTSTORE_ERROR_NSS_LIBRARIES_NOT_FOUND
May 24 11:24:40 lihao vpncli[7150]: Function: OpenStores File: Certificates/CollectiveCertStore.cpp Line: 244 Invoked Function: CCollectiveCertStore::addNSSStore Return Code: -31391726 (0xFE210012) Description: CERTSTORE_ERROR_NSS_LIBRARIES_NOT_FOUND
May 24 11:24:40 lihao vpncli[7150]: Function: OnNegotiateMessageTypesComplete File: ApiIpc.cpp Line: 341 Master Agent Connection started.
May 24 11:24:40 lihao vpncli[7150]: Function: setState File: ClientIfcBase.cpp Line: 937 Disconnected
May 24 11:24:40 lihao vpncli[7150]: Function: setState File: ClientIfcBase.cpp Line: 1006 Freeing CSD in DISCONNECTED state
May 24 11:24:40 lihao vpncli[7150]: Function: processState File: ApiIpc.cpp Line: 1132 Disconnected state received
May 24 11:24:41 lihao vpncli[7150]: Function: attach File: ClientIfcBase.cpp Line: 318 Invoked Function: ClientIfcBase :: attach Return Code: 0 (0x00000000) Description: Client successfully attached.
May 24 11:24:41 lihao vpncli[7150]: Function: attach File: ClientIfcBase.cpp Line: 340 Invoked Function: ClientIfcBase :: attach Return Code: 0 (0x00000000) Description: Event detection not implemented in client program.
May 24 11:24:41 lihao vpncli[7150]: Function: setState File: ClientIfcBase.cpp Line: 937 Disconnected
May 24 11:24:41 lihao vpncli[7150]: Function: setState File: ClientIfcBase.cpp Line: 1006 Freeing CSD in DISCONNECTED state
May 24 11:24:41 lihao vpncli[7150]: Function: connectRequest File: ConnectMgr.cpp Line: 415 Freeing CSD before making connect attempt.
May 24 11:24:41 lihao vpncli[7150]: Function: getProfileNameFromHost File: ProfileMgr.cpp Line: 360 Invoked Function: getProfileNameFromHost Return Code: 0 (0x00000000) Description: No profile available for host 219.141.216.168.
May 24 11:24:41 lihao vpncli[7150]: Function: getHostInitSettings File: ProfileMgr.cpp Line: 432 Invoked Function: ProfileMgr :: getHostInitSettings Return Code: 0 (0x00000000) Description: Profile “” not found. Using default settings
May 24 11:24:41 lihao vpncli[7150]: Function: getProfileNameFromHost File: ProfileMgr.cpp Line: 360 Invoked Function: getProfileNameFromHost Return Code: 0 (0x00000000) Description: No profile available for host 219.141.216.168.
May 24 11:24:41 lihao vpncli[7150]: Using default preferences. Some settings (e.g. certificate matching) may not function as expected if a local profile is expected to be used. Verify that the selected host is in the server list section of the profile and

=========================================

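Fix: I suspect that the Cisco Linux VPN client, which is no longer maintained, loads these .so files from a fixed location. Linux systems change quickly, and Firefox is no longer installed under /usr/local/firefox by default.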

# Run as root.
mkdir /usr/local/firefox
cd /usr/local/firefox
ln -s /usr/lib/libnss3.so
ln -s /lib/libplc4.so
ln -s /lib/libnspr4.so
ln -s /usr/lib/libsmime3.so

PS: Don't forget to mark the certificate of the server you need to connect to as trusted in Firefox.
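The symlink step above as a re-runnable script, added here as an example and not part of the original post: it links the first copy of each library found in the directories you pass and skips any copy that is group- or world-writable, since the client will load whatever these links point to. The function names `link_nss_libs` and `is_loose` and the writability check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# The four NSS/NSPR libraries the post links into /usr/local/firefox.
NSS_LIBS="libnss3.so libplc4.so libnspr4.so libsmime3.so"

# is_loose PATH: succeed if PATH (symlinks followed) is group- or world-writable.
is_loose() {
    [ -n "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# link_nss_libs DEST DIR...: for each library, symlink the first copy found in
# DIR... into DEST. The return status is the number of libraries not linked.
link_nss_libs() {
    dest=$1; shift
    failed=0
    mkdir -p "$dest" || return 255
    chmod 755 "$dest"          # keep the directory itself writable by owner only
    for lib in $NSS_LIBS; do
        found=
        for dir in "$@"; do
            if [ -e "$dir/$lib" ]; then found="$dir/$lib"; break; fi
        done
        if [ -z "$found" ]; then
            echo "missing: $lib (searched: $*)" >&2
            failed=$((failed + 1))
        elif is_loose "$found"; then
            echo "refusing: $found is group/world-writable" >&2
            failed=$((failed + 1))
        elif ln -sf "$found" "$dest/$lib"; then
            echo "linked: $dest/$lib -> $found"
        else
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Usage as root, with the paths from the post:
#   link_nss_libs /usr/local/firefox /usr/lib /lib
```

A non-zero status tells you how many of the four libraries are still missing, which is the condition the `CERTSTORE_ERROR_NSS_LIBRARIES_NOT_FOUND` log lines report.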

