Cisco AnyConnect wants access to os x system keychain

Yosemite 10.10.3 & Cisco AnyConnect Secure Mobility Client version 3.1.07021

OS X wants to make changes. Type an administrator's name and password to allow this. OS X wants to use the "System" keychain.

If I enter credentials and press Allow, the prompt comes back at least two more times before a connection is made. If I click Deny, the prompt repeats but eventually goes away and allows a connection without authenticating for the "System" keychain. While I can easily work around this by clicking Deny, I would prefer to resolve this for the end users.


The same occurs under the guest account.

I have uninstalled and reinstalled several times, and tried the different versions of AnyConnect that are currently available for me to use here.

I had changed the permissions on /Library/Keychains/System.keychain, and that did not resolve the issue.

I had modified the permissions on private keys in the system keychain, and that did not resolve the issue.


I started from scratch with a fresh 10.10.3 build, and the issue persists.

Posted on Apr 14, 2015 12:43 PM

Question marked as Top-ranking reply

Posted on Dec 1, 2017 12:04 AM

This solved my issue:


• Launch /Applications/Utilities/Keychain Access

• Select "System" from the Keychains menu in the upper left

• Select "Certificates" from the Category menu in the lower left

• Find the entry that correlates to your computer's name in the list on the right, and click on the disclosure triangle.

• Secondary click on the "Private Key" entry that appears and select "Get Info" from the contextual menu that appears.

• Select the Access Control tab.

• You can then *either* add AnyConnect to the list at the bottom of the screen (more secure, but you will need to repeat this process anytime the version of AnyConnect changes), *or* toggle the radio button to "Allow all applications to access this item".

Taken from Google Groups.

16 replies

Apr 11, 2016 7:23 AM in response to CantSalomeDown

I had this problem after changing machine certificates. I'm running OS X El Capitan 10.11.4. I was able to remedy the issue by completely uninstalling Cisco AnyConnect. I not only ran the uninstaller but also deleted the /opt/cisco directory, which contains settings for Cisco AnyConnect that aren't removed during uninstall. I wasn't seeing the dual entries for Kerberos certificates either.
