Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2965
Views
5
Helpful
5
Replies

SSL Certificate on ASA - Missing something?

Go to solution
machine23
Level 1
Level 1

‎01-16-2021 11:15 AM

Hello All , 

 

I have added an SSL cert for the ASA - ciscoasa.ladderbar.com (195.36.189.55) and applied the certificate on the SSL settings on the ASA so when users use anyconnect using the DNS name (ciscoasa.ladderbar.com) it works good and no risk message is shown , but when they use the IP it comes up with certificate not trusted message.

Same issue when I browse - https://195.36.189.55 - website shows not secure but https://ciscoasa.ladderbar.com - shows secure.

Any settings on the ASA that i might have missed ?

 

Thank you 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎01-16-2021 11:03 PM

Hi,

No settings on ASA will fix this. You missed to add your ASA IP to the
certificate. Try to regenerate the certificate with CN as
ciscoasa.ladderbar.com and have the IP added to SAN names in the
certificate. This will resolve the issue properly.

**** please remember to rate useful posts

View solution in original post

5 Replies 5

Go to solution
Karsten Iwen
VIP
VIP

‎01-16-2021 12:06 PM

Nothing that you missed here. That's the way it works. The IP address is not part of the certificate and with that not trusted by the client.

0 Helpful

Go to solution
machine23
Level 1
Level 1

‎01-16-2021 12:20 PM

Ah right okay so I just give the users the the FQDN and leave it at that then .. well that was easy thank you for clarification:)
0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎01-16-2021 11:03 PM

Hi,

No settings on ASA will fix this. You missed to add your ASA IP to the
certificate. Try to regenerate the certificate with CN as
ciscoasa.ladderbar.com and have the IP added to SAN names in the
certificate. This will resolve the issue properly.

**** please remember to rate useful posts

Go to solution
machine23
Level 1
Level 1
In response to Mohammed al Baqari

‎01-17-2021 12:49 AM

Hi , thanks for this , I thought I did put the ip in ... but I will rekey and make sure , also in the fortigates it works without adding the ip in the fortigates. 

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to machine23

‎01-17-2021 01:05 AM

In my opinion it's not worth the effort to put the IP in the certificate. The CA needs a stricter validation process that you must follow to get the certificate, the certificates are more expensive and if you are using Windows, it will likely not work with older versions than Win10.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card