Expired ASA Temporary Self Signed Certifcate Cannot log in to ASDM

attybean — Fri, 21 Feb 2020 16:11:06 GMT

The company I work in is based in western Norway and we are using a Cisco ASA5505 v11 with Cisco ASDM 7.1(2) as a VPN solution. It was originally setup in 2012, but the ASA Temporary Self Signed Certificate has expired last week and it seems no longer possible to login to the Cisco ASA5505. Is it possible to disable java's requirement for a valid certificate? I am using Windows 7 Pro 64bit, but have access to Windows 10 if that would help.

When using ASDM I receive the following errors:

java.lang.ClassNotFoundException: com.sun.javaws.security.X509JavawsTrustManager

java.lang.ClassNotFoundException: com.sun.javaws.security.CertificateHostnameVerifier

Trying for ASDM Version file; url = https://192.168.1.1/admin/
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Trying for IDM. url=https://192.168.1.1/idm/idm.jnlp/
Exception in thread "Thread-0" java.lang.NoClassDefFoundError: sun/misc/BASE64Encoder

Caused by: java.lang.ClassNotFoundException: sun.misc.BASE64Encoder

The certificate when out of date eight days ago which seems to fit with the error messages. I am unsure of how to progress from here.

Any help would be greatly appreciated.

Re: Expired ASA Temporary Self Signed Certifcate Cannot log in to ASDM

Dennis Mink — Mon, 03 Sep 2018 10:19:33 GMT

are you able to SSH in and reissue the cert?

Re: Expired ASA Temporary Self Signed Certifcate Cannot log in to ASDM

attybean — Mon, 03 Sep 2018 10:50:53 GMT

Thank you for your reply. I have tried to use putty to ssh into the Cisco, but I just receive a 'Server unexpectly closed network connection' which leads me to think that SSH is not setup. Is there any other method for entry?

Re: Expired ASA Temporary Self Signed Certifcate Cannot log in to ASDM

Martin Carr — Mon, 03 Sep 2018 11:31:34 GMT

It's good practice to restrict the addresses that can connect, so this may be the case here.

If you add the FW address into the Java security exception list, it should work.

Failing that, you will have to establish a console session.

Martin

topic Re: Expired ASA Temporary Self Signed Certifcate Cannot log in to ASDM in Network Security

Expired ASA Temporary Self Signed Certifcate Cannot log in to ASDM

Re: Expired ASA Temporary Self Signed Certifcate Cannot log in to ASDM

Re: Expired ASA Temporary Self Signed Certifcate Cannot log in to ASDM

Re: Expired ASA Temporary Self Signed Certifcate Cannot log in to ASDM