05-30-2019 11:41 PM
On Monday I was able to run ASDM on my PC, but over the last few days it has crashed.
So I’m using Java 7 update 79. I added the IP address of the ASA to the exception list and imported the ASA certificate into Java as well as into the Trusted Root Authorities store in Windows.
This is the current configuration.
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
ciscoasa# sh run ssl
ssl encryption 3des-sha1 aes128-sha1
And the error message is ERR_CERT_AUTHORITY_INVALID
Cisco Adaptive Security Appliance Software Version 9.1(5)16
Each device can ping the other. Firewall is switched off.
ASDM version 7122.bin
Could you please advise how to solve the issue?
05-31-2019 12:34 AM
And the error message is ERR_CERT_AUTHORITY_INVALID
Here is the document to fix.
05-31-2019 02:05 AM - edited 05-31-2019 02:25 AM
Thank you Balaji, I will try the fix and give you feedback. But am I able to renew the certificate without access to ASDM?!
I don't have access to ASDM at all.
05-31-2019 01:39 PM - edited 05-31-2019 01:40 PM
I tried with
crypto ca trustpoint ASDM_TrustPoint0
 keypair CertKey
 id-usage ssl-ipsec
 fqdn 5540-uwe
 subject-name CN=ASA5540.company.com,OU=LAB,O=Cisco ystems,C=US,St=CA
 enrollment terminal
crypto ca enroll ASDM_TrustPoint0
ssl trust poin certificate name
but I got an error message
ERROR: Trustpoint not enrolled. Please enroll trustpoint and try again.
Then I tried with
Equivalent CLI of the configuration.
ASA5520A(config)#crypto key generate rsa usage-keys label Cert-key modulus 2048 noconfirm
ASA5520A(config)#crypto ca trustpoint My_Certificate
ASA5520A(config-ca-trustpoint)#keypair Cert-Key
ASA5520A(config-ca-trustpoint)# fqdn myvpn.cisco.com
ASA5520A(config-ca-trustpoint)#subject-name CN=myvpn.cisco.com,OU=IT,O="Cisco Systems, Inc",C=US,St=California,L=San Jose,EA=admin@cisco.com
ASA5520A(config-ca-trustpoint)#enrollment terminal
ASA5520A(config)#crypto ca enroll My_Certificate noconfirm
ASA5520A(config)#crypto ca authenticate My_Certificate
ASA5520A(config)#ssl trustpoint outside My_Certificate
but got the same error message.
This is the debug from the http 255
HTTP: admin session verified = [0]
HTTP: processing GET URL '/' from host 192.168.80.144
HTTP: processing handoff to legacy admin server [/favicon.ico]
HTTP: admin session verified = [0]
HTTP: processing GET URL '/favicon.ico' from host 192.168.80.144
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
The issue is still ongoing.
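An added example, not part of the posts above and not taken from the Cisco document they reference: with `enrollment terminal`, `crypto ca enroll` only prints a certificate signing request, so the trustpoint holds no identity certificate until a CA-signed one is imported, and binding it to SSL is rejected with "Trustpoint not enrolled". The sketch below shows the self-signed variant, where enrollment itself installs the certificate; the key label `SELF_SIGNED_KEY`, trustpoint name `SELF_SIGNED_TP`, FQDN `asa.example.com` and interface name `inside` are assumptions.

```cisco
! Added example. All names below are hypothetical placeholders.
! 1. Generate a dedicated RSA key pair for the SSL identity certificate.
crypto key generate rsa label SELF_SIGNED_KEY modulus 2048 noconfirm
!
! 2. Define a trustpoint that signs its own certificate instead of
!    producing a request for an external CA (enrollment terminal).
crypto ca trustpoint SELF_SIGNED_TP
 enrollment self
 fqdn asa.example.com
 subject-name CN=asa.example.com
 keypair SELF_SIGNED_KEY
 exit
!
! 3. Enroll. With "enrollment self" this step creates and installs the
!    identity certificate, so the trustpoint is enrolled afterwards.
crypto ca enroll SELF_SIGNED_TP noconfirm
!
! 4. Confirm an identity certificate is present before binding it.
show crypto ca certificates SELF_SIGNED_TP
!
! 5. Bind the trustpoint to the interface ASDM connects to
!    (interface name "inside" is an assumption).
ssl trust-point SELF_SIGNED_TP inside
```

A browser or Java client will still treat a self-signed certificate as untrusted until that exact certificate is exported from the ASA and added to the client's trust store.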
06-01-2019 12:25 AM
I got the ASDM-IDM launcher but I think that I have a compatibility issue.
Just to be sure
Cisco Adaptive Security Appliance Software Version 9.1(5)16
Device Manager Version 7.12(2)
So I can run any ASDM version 7.1(6)+ and above?!
06-01-2019 03:09 AM - edited 06-01-2019 03:22 AM
I got an error message: unable to launch device manager from IP.
I copied all the Java Cryptography Extension files to the Java security folder but it did not help.
I tried with the latest version of Java.
Java reported
javax.net.ssl.SSLException:failed
The ASA self-signed certificate is imported in Java trusted certificates.