
ASDM Certificate Issue

jhnet
Level 1

Has anyone run into the issue where logging into ASDM for a Cisco ASA 5516-X gives the following error:
"The certificate present in this device is not valid. Certificate date is Expired or not valid as per current date"

How could we renew the certificate, and is this cert a self-signed cert?


Thank you

7 Replies

balaji.bandi
Hall of Fame

What is the version of the ASA code and the ASDM version?

Has this worked before?

Check the cert renewal:

https://www.cisco.com/c/en/us/support/docs/security/vpn-client-tools/220395-install-and-renew-certificates-on-asa-ma.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balaji,

Cisco Adaptive Security Appliance Software Version 9.16(4)18
SSP Operating System Version 2.10(1.248)
Device Manager Version 7.20(2)

This has worked before, so it is kinda random that it just stopped working. I am starting to find forums that say version 7.20(2) ASDM is causing this issue.

But sure, if you think that is the cause, lower the ASDM to 7.18 and check:

https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#reference_upj_nkl_x4b

BB


Hello,

I have a customer with the same issue on ASDM 7.20(2). Did you try to revert back to an older version?

Thanks

/Chess

tomasz.gluszko
Level 1

Just add https://ip_address_asa in the Java security tab.

miso-ch
Level 1

I had the same issue, after setting up a recycled lab ASA...

First, check the time of the ASA, and configure NTP or at least set the time manually (probably one day in the past, just to make sure you don't get any issues with time zone, and the certificate will be ready).

show clock

! if not set correctly, properly with NTP...
clock timezone UTC +1
clock summer-time UTC+2 recurring last Sun Mar 2:00 last Sun Oct 3:00
!
ntp server YOURNTPSERVERIP source inside prefer

! or simply quick and dirty.. set the clock manually
clock set 09:40:00 27 May 2025

Then, create a self-signed certificate and assign it to the management interface:

crypto key generate rsa label MYSSLKEYPAIR modulus 4096
crypto ca trustpoint MYCERT
enroll self
fqdn myasa.domain.local
subject-name CN=myasa.domain.local
keypair MYSSLKEYPAIR
crypto ca enroll MYCERT noconfirm
ssl trust-point MYCERT mgmt

!(mgmt is the nameif of my Management Interface)
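
The error in this thread is about the certificate's validity dates relative to the current date, and the reply above starts by checking the ASA clock. As an added example (not part of the original post and not Cisco code), this Python script compares a clock reading with a certificate's validity window. The sample text is constructed, and its layout, modelled on `show clock` and `show crypto ca certificates` output, is an assumption.

```python
import re
from datetime import datetime

# Constructed samples; layout modelled on ASA "show clock" and
# "show crypto ca certificates" output (an assumption, adjust to your device).
SAMPLE_CLOCK = "09:40:00.000 UTC Tue May 27 2025"
SAMPLE_CERT = """\
Certificate
  Status: Available
  Subject Name:
    cn=myasa.domain.local
  Validity Date:
    start date: 09:41:12 UTC May 28 2025
    end   date: 09:41:12 UTC May 26 2035
  Associated Trustpoints: MYCERT
"""

# hh:mm:ss[.mmm] ZONE [Weekday] Mon DD YYYY
_STAMP = re.compile(r"(\d{2}:\d{2}:\d{2})(?:\.\d+)?\s+(\S+)\s+"
                    r"(?:[A-Z][a-z]{2}\s+)?([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{4})")

def parse_stamp(text):
    """Return (naive datetime, zone name) for one timestamp."""
    m = _STAMP.search(text)
    if not m:
        raise ValueError(f"no timestamp in {text!r}")
    hms, zone, mon, day, year = m.groups()
    return datetime.strptime(f"{hms} {mon} {day} {year}", "%H:%M:%S %b %d %Y"), zone

def check_validity(clock_text, cert_text):
    """Return (status, timedelta) for the certificate at the given clock reading."""
    start = re.search(r"start\s+date:\s*(.+)", cert_text)
    end = re.search(r"end\s+date:\s*(.+)", cert_text)
    if not (start and end):
        raise ValueError("no validity dates found")
    now, zone = parse_stamp(clock_text)
    (not_before, z1), (not_after, z2) = parse_stamp(start.group(1)), parse_stamp(end.group(1))
    if {z1, z2} != {zone}:
        raise ValueError("clock and certificate dates are in different time zones")
    if now < not_before:
        return "not_yet_valid", not_before - now   # clock is behind the start date
    if now > not_after:
        return "expired", now - not_after          # time since expiry
    return "valid", not_after - now                # time remaining

if __name__ == "__main__":
    print(check_validity(SAMPLE_CLOCK, SAMPLE_CERT))
```

A `not_yet_valid` result points at a clock mismatch between the time the certificate was generated and the time it is checked, which is the case the "set the clock one day in the past" advice above is meant to avoid.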

 
