cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1167
Views
0
Helpful
2
Replies

Java SSL exception accessing ASDM

Jcane1
Level 1
Level 1

Greetings everyone, 

 

I have hit a wall on getting into ASDM on my ASA 5510 and need some wisdom on how to get this knocked out. 

 

So far I have configured the http server and have downloaded ASDM, when launching ASDM Java is throwing an SSL exception that I cant interpret. I have added the ASDM URL to the trusted sites list and downloaded the device cert and added it to the java certificates panel.

 

Any guidance would be greatly appreciated.

 

Java version (java --version) Mac OS 10.14.5

java 12.0.2 2019-07-16

Java(TM) SE Runtime Environment (build 12.0.2+10)

 

Exception:

javax.net.ssl.SSLException: java.lang.NullPointerException
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1903)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1886)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1402)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
at sun.net.www.protocol.http.HttpURLConnection.access$200(HttpURLConnection.java:92)
at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1490)
at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1488)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:784)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1487)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268)
at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doHeadRequestEX(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.checkUpdateAvailable(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.isUpdateAvailable(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.javaws.Launcher.updateFinalLaunchDesc(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
at com.sun.deploy.security.X509DeployKeyManager.chooseClientAlias(Unknown Source)
at sun.security.ssl.AbstractKeyManagerWrapper.chooseClientAlias(SSLContextImpl.java:1336)
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:868)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:369)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
... 27 more

2 Replies 2

Alan Ng'ethe
Level 3
Level 3

Some more information...

Can we see the basics? On the ASA;
show run http
show run asdm

show version

What is the asdm version uploaded to the device?

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.

Hi Alan, 

 

Thanks for your reply.

Here is the config information you wanted to verify. 

Cheers.

 

sh run http

http server enable

http 172.16.1.0 255.255.255.0 INSIDE

http 172.17.0.0 255.255.0.0 INSIDE

http 172.16.0.0 255.255.0.0 OUTSIDE

http authentication-certificate OUTSIDE

 

 

sh run

: Saved

:

: Hardware:   ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz

:

ASA Version 9.1(6)11

!

boot system disk0:/asa916-11-k8-guest.bin

 

interface Ethernet0/0

nameif OUTSIDE

security-level 0

ip address dhcp

!

interface Ethernet0/1

shutdown

nameif INSIDE

security-level 100

ip address 10.0.0.1 255.255.255.0

 

user-identity default-domain LOCAL

aaa authentication ssh console LOCAL

http server enable

http 172.16.1.0 255.255.255.0 INSIDE

http 172.17.0.0 255.255.0.0 INSIDE

http 172.16.0.0 255.255.0.0 OUTSIDE

http authentication-certificate OUTSIDE

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association pmtu-aging infinite

crypto ca trustpoint canewall

crl configure

crypto ca trustpool policy

telnet 172.16.0.0 255.255.255.0 OUTSIDE

telnet 172.16.0.0 255.255.0.0 OUTSIDE

telnet timeout 5

no ssh stricthostkeycheck

ssh 172.17.0.0 255.255.0.0 OUTSIDE

ssh timeout 5

ssh key-exchange group dh-group1-sha1

 

Review Cisco Networking for a $25 gift card