cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1609
Views
0
Helpful
5
Replies

No access to asdm !?!

mstoitso
Cisco Employee
Cisco Employee

On Monday I  was able to  run  ASDM on my PC but last days it crashed.

 

So I’m using Java 7 update 79. I added the ip address of the asa to the exception list and imported the ASA certificate into  Java as well in trusted root authorities store  in windows  

This is the current configuration.

aaa authentication enable console LOCAL

aaa authentication ssh console LOCAL

aaa authentication http console LOCAL

ciscoasa# sh run ssl

ssl encryption 3des-sha1 aes128-sha1

 

And the error message is  ERR_CERT_AUTHORITY_INVALID

 

 

Cisco Adaptive Security Appliance Software Version 9.1(5)16

Each device can ping each other. Firewall switched off

ASDM version 7122.bin

 

Could please advise how to solve the issue please.

5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

And the error message is  ERR_CERT_AUTHORITY_INVALID

 

here is the document to fix.

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/107956-renew-ssl.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thank you Balaji , i will try the fix and  give you feedback.  but am I able to renew the certificate without access to asdm ?!

 

I don't  have an access to  ASDM at all.

I Tried with

 

crypto ca trustpoint ASDM_TrustPoint0
        keypair CertKey
        id-usage ssl-ipsec 
        fqdn 5540-uwe
        subject-name CN=ASA5540.company.com,OU=LAB,O=Cisco ystems,C=US,St=CA
        enrollment terminal
 crypto ca enroll ASDM_TrustPoint0
ssl trust poin certificate name

 but i got an error message

ERROR: Trustpoint not enrolled.  Please enroll trustpoint and try again.

 

then i tried with

 

Equivalent CLI of the configuration.

ASA5520A(config)#crypto key generate rsa usage-keys label Cert-key modulus 2048 noconfirm

ASA5520A(config)#crypto ca trustpoint My_Certificate

ASA5520A(config-ca-trustpoint)#keypair Cert-Key

ASA5520A(config-ca-trustpoint)# fqdn myvpn.cisco.com

ASA5520A(config-ca-trustpoint)#subject-name CN=myvpn.cisco.com,OU=IT,O="Cisco Systems, Inc",C=US,St=California,L=San Jose,EA=admin@cisco.com

ASA5520A(config-ca-trustpoint)#enrollment terminal

ASA5520A(config)#crypto ca enroll My_Certificate noconfirm

ASA5520A(config)#crypto ca authenticate My_Certificate

ASA5520A(config)#ssl trustpoint outside My_Certificate 

 

but got the same error message

 

 

this is the debug from the http 255

 

HTTP: admin session verified =  [0]

HTTP: processing GET URL '/' from host 192.168.80.144

HTTP: processing handoff to legacy admin server [/favicon.ico]

HTTP: admin session verified =  [0]

HTTP: processing GET URL '/favicon.ico' from host 192.168.80.144

HTTP: Periodic admin session check  (idle-timeout = 1200, session-timeout = 0)

 

the issue is still outgoing.

I got  the asdm idm launcher  but i think that i have a compatibility issue.

 

 

Just to be sure

 

Cisco Adaptive Security Appliance Software Version 9.1(5)16

Device Manager Version 7.12(2)

 

So I can run any asdm  version 7.1(6)+ and above ?!

 I got an error massage unable to lauch device menager from ip

I copied all the Java Cryptography Extension files to the java security folde but  it didi  hot help

 

I tried with the lates version of java.

 

java reported

 

javax.net.ssl.SSLException:failed

the ASA self signed certificate is imported in javatrusted certificates

Review Cisco Networking for a $25 gift card