08-06-2019 11:53 AM
Greetings everyone,
I have hit a wall on getting into ASDM on my ASA 5510 and need some wisdom on how to get this knocked out.
So far I have configured the http server and have downloaded ASDM, when launching ASDM Java is throwing an SSL exception that I cant interpret. I have added the ASDM URL to the trusted sites list and downloaded the device cert and added it to the java certificates panel.
Any guidance would be greatly appreciated.
Java version (java --version) Mac OS 10.14.5
java 12.0.2 2019-07-16
Java(TM) SE Runtime Environment (build 12.0.2+10)
Exception:
javax.net.ssl.SSLException: java.lang.NullPointerException
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1903)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1886)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1402)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
at sun.net.www.protocol.http.HttpURLConnection.access$200(HttpURLConnection.java:92)
at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1490)
at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1488)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:784)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1487)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268)
at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doHeadRequestEX(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.checkUpdateAvailable(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.isUpdateAvailable(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.javaws.Launcher.updateFinalLaunchDesc(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
at com.sun.deploy.security.X509DeployKeyManager.chooseClientAlias(Unknown Source)
at sun.security.ssl.AbstractKeyManagerWrapper.chooseClientAlias(SSLContextImpl.java:1336)
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:868)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:369)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
... 27 more
08-06-2019 09:11 PM
Some more information...
Can we see the basics? On the ASA;
show run http
show run asdm
show version
What is the asdm version uploaded to the device?
08-08-2019 02:57 PM
Hi Alan,
Thanks for your reply.
Here is the config information you wanted to verify.
Cheers.
sh run http
http server enable
http 172.16.1.0 255.255.255.0 INSIDE
http 172.17.0.0 255.255.0.0 INSIDE
http 172.16.0.0 255.255.0.0 OUTSIDE
http authentication-certificate OUTSIDE
sh run
: Saved
:
: Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
:
ASA Version 9.1(6)11
!
boot system disk0:/asa916-11-k8-guest.bin
interface Ethernet0/0
nameif OUTSIDE
security-level 0
ip address dhcp
!
interface Ethernet0/1
shutdown
nameif INSIDE
security-level 100
ip address 10.0.0.1 255.255.255.0
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 172.16.1.0 255.255.255.0 INSIDE
http 172.17.0.0 255.255.0.0 INSIDE
http 172.16.0.0 255.255.0.0 OUTSIDE
http authentication-certificate OUTSIDE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint canewall
crl configure
crypto ca trustpool policy
telnet 172.16.0.0 255.255.255.0 OUTSIDE
telnet 172.16.0.0 255.255.0.0 OUTSIDE
telnet timeout 5
no ssh stricthostkeycheck
ssh 172.17.0.0 255.255.0.0 OUTSIDE
ssh timeout 5
ssh key-exchange group dh-group1-sha1
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide