Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3943
Views
10
Helpful
3
Replies

Expired ASA Temporary Self Signed Certifcate Cannot log in to ASDM

Go to solution
attybean
Level 1
Level 1

‎09-03-2018 03:17 AM - edited ‎02-21-2020 08:11 AM

The company I work in is based in western Norway and we are using a Cisco ASA5505 v11 with Cisco ASDM 7.1(2) as a VPN solution. It was originally setup in 2012, but the ASA Temporary Self Signed Certificate has expired last week and it seems no longer possible to login to the Cisco ASA5505. Is it possible to disable java's requirement for a valid certificate? I am using Windows 7 Pro 64bit, but have access to Windows 10 if that would help. 

When using ASDM I receive the following errors: 

java.lang.ClassNotFoundException: com.sun.javaws.security.X509JavawsTrustManager

 

java.lang.ClassNotFoundException: com.sun.javaws.security.CertificateHostnameVerifier

 

Trying for ASDM Version file; url = https://192.168.1.1/admin/
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Trying for IDM. url=https://192.168.1.1/idm/idm.jnlp/
Exception in thread "Thread-0" java.lang.NoClassDefFoundError: sun/misc/BASE64Encoder

Caused by: java.lang.ClassNotFoundException: sun.misc.BASE64Encoder

 

The certificate when out of date eight days ago which seems to fit with the error messages. I am unsure of how to progress from here.

 

Any help would be greatly appreciated. 

Labels:
Preview file
138 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Martin Carr
Level 4
Level 4
In response to attybean

‎09-03-2018 04:31 AM

It's good practice to restrict the addresses that can connect, so this may be the case here.

 

If you add the FW address into the Java security exception list, it should work.

 

Failing that, you will have to establish a console session.

 

Martin 

View solution in original post

3 Replies 3

Go to solution
Dennis Mink
VIP Alumni
VIP Alumni

‎09-03-2018 03:19 AM

are you able to SSH in and reissue the cert?

Please remember to rate useful posts, by clicking on the stars below.

Go to solution
attybean
Level 1
Level 1
In response to Dennis Mink

‎09-03-2018 03:50 AM

Thank you for your reply. I have tried to use putty to ssh into the Cisco, but I just receive a 'Server unexpectly closed network connection' which leads me to think that SSH is not setup. Is there any other method for entry?

0 Helpful

Go to solution
Martin Carr
Level 4
Level 4
In response to attybean

‎09-03-2018 04:31 AM

It's good practice to restrict the addresses that can connect, so this may be the case here.

 

If you add the FW address into the Java security exception list, it should work.

 

Failing that, you will have to establish a console session.

 

Martin 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card