Connecting to Cisco VPN with .pfx and .ca certificate in Ubuntu 20.04

Connecting to VPN with .pfx (PKCS #12) file and ca2.crt certificate is quite simple in MacOS and Windows, because these operating systems already have utilities to system-wide importing such certificates. After importing, you can simply connect using AnyConnect.

But, in Ubuntu we faced several problems trying to import certificates and connect, but finally resolved this issue. Now I want to share our solution.

Solution

1.Extracting certificate and key from .pfx archive.
.pfx is an archive containing public key and certificate. In Ubuntu we can’t import entire .pfx file, so we need to extract both files from it:

openssl pkcs12 -in certificate.pfx -out certificate.pem -nokeys
Enter Import Password:
MAC verified OK
$ openssl pkcs12 -in certificate.pfx -out certificate.key -nocerts
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

Here we also need to set passphrase to .key file.

2. Connecting to VPN
We haven’t found solution to import certificates to AnyConnect, but, fortunatelly, we can use another tool which can establish connection — Openconnect. Openconnect supports AnyConnect protocol, so everything works fine. First, let’s install tool

apt-get install network-manager-openconnect-gnome

3. Then, we need to open network settings and establish new vpn connection by clicking + buton.

4. Choose “Multi-protocol VPN client (openconnect)”

5. Setting up connection. Here we need to define Gateway and select .crt, .pem and .key certificates.

6. Now we have new connection in Network Settings, and we can establish it. You’ll need to set passphrase which you defined on 1st step. Maybe some additional steps will be required depending on your VPN server settings.