Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3902
Views
0
Helpful
9
Replies

Installed a new SSL Certificate but clients are still seeing the old one.

joshscott
Level 1
Level 1

‎02-22-2012 10:37 AM - edited ‎03-11-2019 03:33 PM

I have installed a new SSL certificate on our ASA 5500. I removed the old one, installed the new one. And associated the trustpoints with the interface we use for Web Connect and AnyConnect connections.

They are still seeing the old expired certificates. Users can still log in and authenticate but I would rather them see the correct certificate.

Anybody have any suggestions?

Thanks

Labels:
0 Helpful
9 Replies 9

Julio Carvajal
VIP Alumni
VIP Alumni

‎02-22-2012 11:55 AM

Hello,

If you do show run ssl

Do you see the Rigth certificate ( trustpoint) applied to the right interface?

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

joshscott
Level 1
Level 1
In response to Julio Carvajal

‎02-22-2012 12:06 PM

Yes the correct trustpoint is shown.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to joshscott

‎02-22-2012 12:15 PM

Hello Josh,

Can you try it from a computer you have not connect before and see if you see any differences.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

joshscott
Level 1
Level 1
In response to Julio Carvajal

‎02-22-2012 12:43 PM

This will take me a little bit of time. I will probably have to set up a virtual to test this with since I have connected with all of my machines at one point in time.

0 Helpful

joshscott
Level 1
Level 1
In response to joshscott

‎02-22-2012 12:50 PM

Nevermind I set up a new Linux Virtual a couple of days ago and I have connected with it yet.

Still having the same issue. Web SSL VPN Service is showing the old expired certificate even though it doesn't look to be installed on the ASA anywhere.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to joshscott

‎02-22-2012 01:00 PM

Hello Josh,

If you do a show run crypto ca trustpoint:

Do you see both of them? The old one and new one?

Also do you have any certificate to profile mapping?

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

joshscott
Level 1
Level 1
In response to Julio Carvajal

‎02-22-2012 01:27 PM

Running "show run crypto ca trustpoint" does indeed show the old trustpoints. I have no certificate to profile mappings

0 Helpful

joshscott
Level 1
Level 1
In response to Julio Carvajal

‎02-22-2012 02:16 PM

There must have been something wonky with the certificate install. I removed and then reinstalled it and it is running fine now. Although I have a lot of old trustpoints that are still shown as in use

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to joshscott

‎02-22-2012 02:31 PM

So, Please remove those ones from your ASA

No crypto ca trustpoint x.x.x.x

Do you see the actual ( the one active on your ASA)

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card