How to Fix AnyConnect VPN Server Certificate errors for Linux clients
Some versions of Linux distributions do not have a suitable Verisign root CA certificate installed and trusted for software makers. This affects the ability to connect to VPN resources over SSL. Some versions do not have a suitable CA certificate that will recognize UMN use of the Incommons Certifcate CA and will require you to download an intermediate CA certificate.
This article will help you complete the following:
Download an intermediate CA certificate that matches the Internet2 In-Commons certificate service.
The AnyConnect admin document (chapter2) provides for a certificate deployment location and download instructions. The text of the instructions are included below. I would recommend a shorter route.