cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3357
Views
0
Helpful
9
Replies

Installed a new SSL Certificate but clients are still seeing the old one.

joshscott
Level 1
Level 1

I have installed a new SSL certificate on our ASA 5500. I removed the old one, installed the new one. And associated the trustpoints with the interface we use for Web Connect and AnyConnect connections.

They are still seeing the old expired certificates. Users can still log in and authenticate but I would rather them see the correct certificate.

Anybody have any suggestions?

Thanks

9 Replies 9

Julio Carvajal
VIP Alumni
VIP Alumni

Hello,

If you do show run ssl

Do you see the Rigth certificate ( trustpoint) applied to the right interface?

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Yes the correct trustpoint is shown.

Hello Josh,

Can you try it from a computer you have not connect before and see if you see any differences.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

This will take me a little bit of time. I will probably have to set up a virtual to test this with since I have connected with all of my machines at one point in time.

Nevermind I set up a new Linux Virtual a couple of days ago and I have connected with it yet.

Still having the same issue. Web SSL VPN Service is showing the old expired certificate even though it doesn't look to be installed on the ASA anywhere.

Hello Josh,

If you do a show run crypto ca trustpoint:

Do you see both of them? The old one and new one?

Also do you have any certificate to profile mapping?

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Running "show run crypto ca trustpoint" does indeed show the old trustpoints. I have no certificate to profile mappings

There must have been something wonky with the certificate install. I removed and then reinstalled it and it is running fine now. Although I have a lot of old trustpoints that are still shown as in use

So, Please remove those ones from your ASA

No crypto ca trustpoint x.x.x.x

Do you see the actual ( the one active on your ASA)

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: