I have an SSL-Certificate alarm from PRTG correctly highlighting the "Unable to check revocation status"
with <sh crypto ca certificates> I can see that the issuing or root certification authority or the root certification authority is available to be queried.
I can also see the certificate via Cisco ASDM
>Configuration>Remote Access VPN>Certificate Management>CA Certificates.
I don't understand why I've been getting this alarm for 1 week on 3 out of 20 ASA firewalls.
I use the following command on the firewall in the CLI and if I do a firewall rule import from the firewall and then a deployment, the parameter is overwritten: ssl trustp-point My_trustpoint
conf t
dynamic-access-policy-confi activate
vpn-addr-assign local reuse-delay 0
no ssl trust-point <My_trustpoint>
I don't understand why (CSM) Cisco Security Manager keeps deleting the last command line and unfortunately, I haven't found the corner of the CSM where this is configured....
This is probl the reason why messages appear in the prtg, coz the verified CA is not the right one or it is, by default, self-signed certificates on firewalls.
the chain is unfortunately not routed to internet." Unable to resolve domain name" is the message I got from ssllabs.com
Is there any workaround to validate or compare my settings?
