Error in Cisco AnyConnect Client: "Cannot Confirm it is Connected"

[NOTE: problem identified on my personal laptop with macOS 10.15.2, Cisco AnyConnect Secure Mobility Client 4.6.03049]

What to Do When You Encounter This Error

AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network.

This is a potentially misleading explanation, as the problem in my case was due to a corrupted VPN certificate.

To fix the problem on macOS, do the following.

1. Open Keychain.app and search for a certificate for your VPN. If you already have one, export it to create a backup in case you need to restore, then delete the certificate in Keychain.

2. Point a browser to https://vpn.yourcompany.com, or whatever the address of VPN happens to be.

3. The certificate should automatically download to Keychain at this point. If the certificate is self-signed, you will get a warning. If that is the case, you will need to download the certificate yourself (click on Advanced… / View Certificate or something similar in your browser of choice). Once downloaded, double clicking the certificate should open it in Keychain.app.

4. View your certificate in Keychain. Expand the Trust section and select Always Trust. Save your Keychain.

Now try connecting once again from AnyConnect, and hopefully that fixes your problem.