04-19-2012 06:38 AM - edited 03-11-2019 03:55 PM
I am running Cisco Adaptive Security Appliance Software Version 8.3(2) Device Manager Version 6.4(1). This will be used as a VPN gateway. I am having trouble installing our cert. I can install the cert, but it never connects with the correct key. It references trustpoint0 when it is trustpoint1. I deleted all trustpoints and it still happens. I could use some help with that.
vpngw4# sh run | begin rust
crypto ca trustpoint ASDM_TrustPoint0
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 keypair ASDM_TrustPoint0
 crl configure
crypto ca certificate chain ASDM_TrustPoint1
 certificate 0f8e62
  308203d5 ....... 8c
  quit
I deleted both trust points and when I do a sh run both are gone, but when I then import the cert (via ASDM) it creates trustpoint0 again.
The result is that when I connect to the box via WebVPN it gives me a certificate error.
Thanks
Joerg
04-19-2012 12:34 PM
Hello,
So I can see you can import the certificate, but the certificate used by the ASA is not the one you need, right?
If that is the issue, you can configure on the ASA which certificate will be used for WebVPN sessions:
On the CLI:
ssl trust-point ASDM_TrustPoint0 outside
Then you will use the certificate you just imported.
If I misunderstood the question just let me know, I will be more than glad to help.
Regards.
Do rate all the helpful posts
Julio
04-19-2012 01:01 PM
Julio,
I tried this and I still get a certificate error. I *think* my issue is that the cert imported in trustpoint1 references the key of trustpoint0. But I am not quite sure.
04-19-2012 02:15 PM
Hello Joe,
I mean when you configure the trustpoint you have the option to choose the proper key!
Can you do a debug webvpn while you attempt to connect?
Regards,
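An added example, not part of any post in this thread: a Python check that reads an ASA running-config excerpt and reports, per trustpoint, the keypair label, whether an identity certificate is installed, and whether an ssl trust-point command references it. The sample config is constructed from the lines quoted in the thread, and audit_trustpoints is a hypothetical helper name.

```python
import re

# Constructed sample: the running-config lines quoted in the thread, plus the
# ssl trust-point command from the first reply.
SAMPLE_CONFIG = """\
crypto ca trustpoint ASDM_TrustPoint0
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 keypair ASDM_TrustPoint0
 crl configure
crypto ca certificate chain ASDM_TrustPoint1
 certificate 0f8e62
  308203d5 ....... 8c
  quit
ssl trust-point ASDM_TrustPoint0 outside
"""

def audit_trustpoints(config):
    """Hypothetical helper: map trustpoints to keypair labels, identity
    certificates and SSL bindings, and list the mismatches between them."""
    tps, bindings, findings = {}, [], []
    section = name = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"crypto ca (trustpoint|certificate chain) (\S+)", line):
            section, name = m.groups()
            tps.setdefault(name, {"keypair": None, "has_cert": False})
        elif m := re.fullmatch(r"ssl trust-point (\S+)(?: (\S+))?", line):
            section = None
            bindings.append(m.groups())
        elif section == "trustpoint" and (m := re.fullmatch(r"keypair (\S+)", line)):
            tps[name]["keypair"] = m.group(1)
        elif section == "certificate chain" and re.fullmatch(r"certificate (?!ca )\S+", line):
            tps[name]["has_cert"] = True  # identity cert, not a "certificate ca" entry
    bound = {tp for tp, _ in bindings}
    for tp, iface in bindings:
        if not tps.get(tp, {}).get("has_cert"):
            findings.append(f"ssl trust-point {tp} ({iface or 'all interfaces'}): "
                            "no identity certificate in this trustpoint")
    for tp, info in tps.items():
        if info["has_cert"] and tp not in bound:
            findings.append(f"{tp}: holds a certificate (keypair {info['keypair']}) "
                            "but no ssl trust-point command references it")
    return tps, bindings, findings

if __name__ == "__main__":
    for finding in audit_trustpoints(SAMPLE_CONFIG)[2]:
        print(finding)
```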