cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3941
Views
10
Helpful
3
Replies

Expired ASA Temporary Self Signed Certifcate Cannot log in to ASDM

attybean
Level 1
Level 1

The company I work in is based in western Norway and we are using a Cisco ASA5505 v11 with Cisco ASDM 7.1(2) as a VPN solution. It was originally setup in 2012, but the ASA Temporary Self Signed Certificate has expired last week and it seems no longer possible to login to the Cisco ASA5505. Is it possible to disable java's requirement for a valid certificate? I am using Windows 7 Pro 64bit, but have access to Windows 10 if that would help. 

When using ASDM I receive the following errors: 

java.lang.ClassNotFoundException: com.sun.javaws.security.X509JavawsTrustManager

 

java.lang.ClassNotFoundException: com.sun.javaws.security.CertificateHostnameVerifier

 

Trying for ASDM Version file; url = https://192.168.1.1/admin/
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Trying for IDM. url=https://192.168.1.1/idm/idm.jnlp/
Exception in thread "Thread-0" java.lang.NoClassDefFoundError: sun/misc/BASE64Encoder

Caused by: java.lang.ClassNotFoundException: sun.misc.BASE64Encoder

 

The certificate when out of date eight days ago which seems to fit with the error messages. I am unsure of how to progress from here.

 

Any help would be greatly appreciated. 

1 Accepted Solution

Accepted Solutions

It's good practice to restrict the addresses that can connect, so this may be the case here.

 

If you add the FW address into the Java security exception list, it should work.

 

Failing that, you will have to establish a console session.

 

Martin 

View solution in original post

3 Replies 3

Dennis Mink
VIP Alumni
VIP Alumni

are you able to SSH in and reissue the cert?

Please remember to rate useful posts, by clicking on the stars below.

Thank you for your reply. I have tried to use putty to ssh into the Cisco, but I just receive a 'Server unexpectly closed network connection' which leads me to think that SSH is not setup. Is there any other method for entry?

It's good practice to restrict the addresses that can connect, so this may be the case here.

 

If you add the FW address into the Java security exception list, it should work.

 

Failing that, you will have to establish a console session.

 

Martin 

Review Cisco Networking for a $25 gift card