08-30-2022 09:06 AM
Hi,
we have a cluster of ASA 5525X that running ASDM asdm-7181-152.bin.
With this version, we have an error on lounch ASDM on Linux that indicate:
jar resources in jnlp are not signed by same certificate
With previous version, 7.1.7 maybe, the problem is not present and ASDM start correctly on Linux.
We only change the .bin of ASDM, any change on ASA configuration.
The java version is 1.8 latest, that works fine with old ASDM version.
The Linux version is Oracle Linux 9
Some ideas?
09-02-2022 02:28 AM
I have the same problem: jar resources in jnlp are not signed by same certificate
All advice I've been able to find online lean towards suggesting clear Java cache/temp files, etc. This doesn't work.
The resources included in the JNLP are:
Removing lzma.jar from the JNLP resource list works around the error, but prevents the ASDM launcher from loading. Is there some reason the jars have different signers?
09-02-2022 05:48 AM
I have resolved with command line, and launch of single jar file via java command like this, after download the file via Windows OS :
/path/to/java -cp dm-launcher.jar:jploader.jar:lzma.jar:retroweaver-rt-2.0.jar com.cisco.launcher.Launcher cert.PEM
With ASDM latest version, and Java Oracle 1.8 latest version, it's all OK and ASDM start correctly.
09-06-2022 01:50 PM
I've found a solution to this issue. In ASDM 7.18, Cisco transitioned away from using Java Web Launcher because of end of support. Cisco now requires you to use ASDM-IDM Launcher to access ASDM.
You can find the msi installer for ASDM-IDM Launcher by going to https://<asa-ip-address>/admin/dm-launcher.msi
More info can be found in the Release Notes for 7.18: https://www.cisco.com/c/en/us/td/docs/security/asdm/7_18/release/notes/rn718.html
09-06-2022 03:14 PM
thanks a lot for sharing this info.
09-06-2022 04:26 PM
This is helpful if:
1. You have admin rights to the device from which you're accessing the ASDM, and;
2. You're accessing from a Cisco-supported windows platform in which you can install the MSI package (which appears to be a packaged version of JVM and a set of static JARs.
If your environment doesn't fit these pre-reqs, the MSI doesn't really help. The cleaner solution would be for Cisco to fix the problem and sign lzma.jar (the offending JAR) with the same signing cert as the other resources. Additionally, if the installed launcher doesn't throw the error, then you'd have to query whether the packaged version of JVM is as secure and vulnerability-free as a supported Oracle alternative.
You could also query why ASDM is still both Java-based and platform dependent in 2022 ... but that's probably a query for a different thread.
10-04-2022 01:04 AM
According to the release notes for ASDM 7.18, Cisco de facto dropped the linux support.
Just the next coffin nail.
But does not matter anymore:
08-02-2023 09:47 AM
A bit late to the party, but I found this website quite helpful: https://williamlieurance.com/cisco-asdm-718-719-linux/
Solved it for me!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide