Cisco ASDM force Certificate check

Hello everyone,
we are using the Cisco ASDM-IDM Launcher v1.9(9). When the Launcher connects to a system with a self-signed SSL certificate, we do not receive any warning messages. Additionally, I cannot view or verify the SSL state in the Cisco ASDM-IDM Launcher.

I believe this could pose a security risk, as it might allow man-in-the-middle attacks to intercept usernames and passwords from administrators.

Is there any way or option to activate certificate validation and receive a warning if a self-signed certificate is being used or if the certificate has been changed?

Regards

Sebastian

5 Replies

jimy966brown
Level 1

Hello,
It does not display warnings when connecting to devices using self-signed SSL certificates. There is no visible SSL status within the launcher itself. This behavior can pose a security risk because administrators could unknowingly connect to a compromised or malicious device (MITM attack), especially in environments with self-signed certificates.

Hello,
I fully agree. Even though a signed certificate has been created for the system, it doesn’t mitigate the underlying risk. Anyone using a self-signed certificate could still perform a man-in-the-middle (MITM) attack to intercept administrator credentials.

Before establishing a connection, the browser validation step is essential to ensure the certificate chain is trusted and the connection is properly secured. Only after confirming that the SSL/TLS connection behaves as expected should the system be accessed.

In my opinion, this represents a potential security vulnerability that should be addressed.
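The pre-connection check described in this reply, together with the "warn me if the certificate has changed" behaviour the original question asks for, as an added example that is not part of the thread and not Cisco's ASDM code: a small Python script that fetches the ASA's leaf certificate, records its SHA-256 fingerprint on first use (trust on first use), and refuses to proceed if the fingerprint later differs. The ASA host name, the local pin file `asdm_pins.txt` and the fingerprint values are assumptions; run it before starting the launcher.

```python
"""Pin an ASA's HTTPS certificate before launching ASDM (added example, not Cisco's code).

Usage:  python asdm_pin.py asa.example.internal
First run stores the fingerprint of the server's leaf certificate in the pin
file (assumed name: asdm_pins.txt); later runs exit non-zero if it changed.
"""
import hashlib
import socket
import ssl
import sys
from pathlib import Path

PIN_FILE = Path("asdm_pins.txt")  # assumed local store, one "host sha256hex" per line


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lower-case hex."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_leaf_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the server's leaf certificate in DER form without trusting it.

    Verification is disabled here only so that a self-signed ASA certificate
    can be retrieved at all; the trust decision is made by check_pin(), not
    by this handshake, and no credentials are sent over this connection.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    if not der:
        raise RuntimeError(f"{host}:{port} presented no certificate")
    return der


def parse_pins(text: str) -> dict:
    """Parse the pin store: blank lines and '#' comments are ignored."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, fp = line.split()
        pins[host] = fp.lower()
    return pins


def load_pins(path: Path) -> dict:
    return parse_pins(path.read_text()) if path.exists() else {}


def save_pin(path: Path, host: str, fp: str) -> None:
    pins = load_pins(path)
    pins[host] = fp
    path.write_text("".join(f"{h} {f}\n" for h, f in sorted(pins.items())))


def check_pin(pins: dict, host: str, observed_fp: str) -> str:
    """Return 'new' (no pin yet), 'match', or 'changed' (possible MITM or re-issued cert)."""
    stored = pins.get(host)
    if stored is None:
        return "new"
    return "match" if stored == observed_fp.lower() else "changed"


def main(argv) -> int:
    if len(argv) != 2:
        print("usage: asdm_pin.py <asa-host>", file=sys.stderr)
        return 2
    host = argv[1]
    fp = fingerprint(fetch_leaf_cert(host))
    status = check_pin(load_pins(PIN_FILE), host, fp)
    if status == "new":
        # Verify this value out of band (e.g. 'show crypto ca certificates' on the ASA)
        # before accepting it; TOFU only protects runs after the first one.
        save_pin(PIN_FILE, host, fp)
        print(f"{host}: first use, pinned sha256 {fp}")
        return 0
    if status == "match":
        print(f"{host}: certificate matches pinned fingerprint, safe to launch ASDM")
        return 0
    print(f"{host}: CERTIFICATE CHANGED, pinned fingerprint does not match {fp}. "
          "Do not enter credentials until you have confirmed the change.", file=sys.stderr)
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The fingerprint is taken over the whole DER certificate, so a legitimately renewed ASA certificate will also trip the check; that is intended, since the administrator should confirm a renewal on the ASA itself before updating the pin file.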

As a Java applet, the certificate validation warning (or lack thereof) when launching ASDM is taken from the security settings of your computer's Java installation. Look in your Java Control Panel, Security tab to modify that behavior.

@Marvin Rhoads,

I'm using the asdm-openjre version, and there is no Java installation or Java Control Panel with a Security tab on my PC. It is part of the ASDM-IDM Launcher installation itself.
So there is no way to change those settings.

In the case of OpenJRE, the settings are not exposed via a GUI like the Java Control Panel. However, they should be accessible via configuration file - e.g., C:\Program Files (x86)\Cisco Systems\ASDM\jre\lib\security\java.securit.

However, I would suggest that if there is a real danger of MITM attacks on your internal network administration, that you have a much bigger problem than Java settings.
