https://community.cisco.com/t5/network-security/ssl-certificate-on-asa-missing-something/m-p/4273808#M1077390 Ah right okay so I just give the users the the FQDN and leave it at that then .. well that was easy thank you for clarification:)<BR /> Sat, 16 Jan 2021 20:20:11 GMT machine23 2021-01-16T20:20:11Z https://community.cisco.com/t5/network-security/ssl-certificate-on-asa-missing-something/m-p/4273802#M1077388 <P>Hello All ,&nbsp;</P><P>&nbsp;</P><P>I have added an SSL cert for the ASA - ciscoasa.ladderbar.com (195.36.189.55) and applied the certificate on the SSL settings on the ASA so when users use anyconnect using the DNS name (ciscoasa.ladderbar.com) it works good and no risk message is shown , but when they use the IP it comes up with certificate not trusted message.</P><P>Same issue when I browse - <A href="https://195.36.189.55" target="_blank" rel="noopener">https://195.36.189.55</A> - website shows not secure but <A href="https://ciscoasa.ladderbar.com" target="_blank" rel="noopener">https://ciscoasa.ladderbar.com</A> - shows secure.</P><P>Any settings on the ASA that i might have missed ?</P><P>&nbsp;</P><P>Thank you&nbsp;</P> Sat, 16 Jan 2021 19:15:04 GMT https://community.cisco.com/t5/network-security/ssl-certificate-on-asa-missing-something/m-p/4273802#M1077388 machine23 2021-01-16T19:15:04Z https://community.cisco.com/t5/network-security/ssl-certificate-on-asa-missing-something/m-p/4273807#M1077389 <P>Nothing that you missed here. That's the way it works. The IP address is not part of the certificate and with that not trusted by the client.</P> Sat, 16 Jan 2021 20:06:41 GMT https://community.cisco.com/t5/network-security/ssl-certificate-on-asa-missing-something/m-p/4273807#M1077389 Karsten Iwen 2021-01-16T20:06:41Z https://community.cisco.com/t5/network-security/ssl-certificate-on-asa-missing-something/m-p/4273808#M1077390 Ah right okay so I just give the users the the FQDN and leave it at that then .. well that was easy thank you for clarification:)<BR /> Sat, 16 Jan 2021 20:20:11 GMT https://community.cisco.com/t5/network-security/ssl-certificate-on-asa-missing-something/m-p/4273808#M1077390 machine23 2021-01-16T20:20:11Z https://community.cisco.com/t5/network-security/ssl-certificate-on-asa-missing-something/m-p/4273907#M1077393 Hi,<BR /><BR />No settings on ASA will fix this. You missed to add your ASA IP to the<BR />certificate. Try to regenerate the certificate with CN as<BR />ciscoasa.ladderbar.com and have the IP added to SAN names in the<BR />certificate. This will resolve the issue properly.<BR /><BR />**** please remember to rate useful posts<BR /> Sun, 17 Jan 2021 07:03:11 GMT https://community.cisco.com/t5/network-security/ssl-certificate-on-asa-missing-something/m-p/4273907#M1077393 Mohammed al Baqari 2021-01-17T07:03:11Z https://community.cisco.com/t5/network-security/ssl-certificate-on-asa-missing-something/m-p/4273939#M1077394 <P>Hi , thanks for this , I thought I did put the ip in ... but I will rekey and make sure , also in the fortigates it works without adding the ip in the fortigates.&nbsp;</P> Sun, 17 Jan 2021 08:49:16 GMT https://community.cisco.com/t5/network-security/ssl-certificate-on-asa-missing-something/m-p/4273939#M1077394 machine23 2021-01-17T08:49:16Z https://community.cisco.com/t5/network-security/ssl-certificate-on-asa-missing-something/m-p/4273946#M1077395 <P>In my opinion it's not worth the effort to put the IP in the certificate. The CA needs a stricter validation process that you must follow to get the certificate, the certificates are more expensive and if you are using Windows, it will likely not work with older versions than Win10.</P> Sun, 17 Jan 2021 09:05:32 GMT https://community.cisco.com/t5/network-security/ssl-certificate-on-asa-missing-something/m-p/4273946#M1077395 Karsten Iwen 2021-01-17T09:05:32Z