Solved: Certificate validation Failure please help urgent :(

Haider Malik · ‎01-17-2014

Hello All i need some urgent attention please.

suddenly i am unable to access my ASA firewall i am not sure why ?

I tried admin user and other user i have created before

i have alos installed ASDM on new system still same Error .

also i am able to login through Telnet with the same user without having any issue .

JEFF SPRADLING · ‎01-17-2014

That's great!

View solution in original post

JEFF SPRADLING · ‎01-17-2014

See my earlier post:

https://supportforums.cisco.com/thread/2261962?tstart=0

Haider Malik · ‎01-17-2014

can you let me know where i can open the Java console can you please provide screen shot or setps soory its dumb question just couldnt find the security tab ( i am on 2008 server ) .

A workaround for this is to open the Java console, click on the security tab, and add the ASA to the "Exception Site List" (i.e. -

https://10.10.1.1

). You'll have to do this for every ASA you connect to, and you'll have to launch the ASDM from the browser for it to work.

JEFF SPRADLING · ‎01-17-2014

Open control panel, then type java in the search at top right.

Now click the Security tab and you'll see the "Edit Site List..." button.

Haider Malik · ‎01-17-2014

Well its not there in 2008 server however i have tried 2003 server and could not find edit site list please help .

within 2008 server couldt find plese find the screen shots

JEFF SPRADLING · ‎01-17-2014

If Java isn't loaded on the 2008 server then that's a problem. You'll need it to run ASDM. Download from here:

http://java.com/en/download/index.jsp

On the 2003 server, it looks like you have three versions. I'd remove 5.x and 6.x - they have security issues.

Once removed, you should be able to open the version 7 update 51 and see the "Edit Site List" button on the Security tab:

Haider Malik · ‎01-17-2014

Ok finally if reinstalled the Java > and found the Java control Panel under Startr > programs >

i have added the site and still have the same issue please check the sc reen shots .

unable to launc the application

+++

JEFF SPRADLING · ‎01-17-2014

From telnet or console, do a "show crypto ca certificate". Does the cert match your hostname? Is the time set correctly on the ASA as well as the computer you're connecting from?

If there's no cert, you may need to reboot. The cert is generate on bootup.

Another thing to try is to downgrade your Java. The older versions aren't easy to find; you'll have to search google.

Beyond that, you'll probably need to open a TAC case.

Good luck!

Jeff

Haider Malik · ‎01-17-2014

Thanks i dont see any cert when doing show

ASA# show crypto ca certificate

ASA#

further i have already rebooted the ASA before .

I do have old config backup i am not sure if that gone help me in this case where the issue is related to the cert .

Thank you .

JEFF SPRADLING · ‎01-17-2014

I believe you need to create a host name in order to get the certificate. Do that before you reboot, and it may fix your issue.

Haider Malik · ‎01-17-2014

I resolved the issue by removing one command and able to connect sright away without any issue.

no http authentication-certificate inside

Thank you for all the help

JEFF SPRADLING · ‎01-17-2014

That's great!