03-31-2005 07:41 PM - edited 02-21-2020 12:03 AM
My customer has a PIX 506 E running OS ver 6.3 and PDM version 3.0(1).
i cant access the PIX via PDM from any computer in the enterprise although i have the latest java kits installed. The applet shows the following error message when launched: "applet noiniated" . a prompt window pops up saying that "host name mismatch" .
"The hostname in the server security certificate does not match the name of the server."
for some reason, it says that the PIX's hostname in the certificate is "hostname.domain name + OID.1.2.840.113549.1.9.2 = hostname.domain name"
the applet also shows the following message at the bottom of the window.
exception: java.security.accesscontrolexception: accessdenied
Although i've allowed the host in the http ip address inside command, im still having this problem.
I would be extremely grateful for your quick help.
Thanks and Regards,
Salman,
Singapore
Solved! Go to Solution.
04-01-2005 04:52 AM
Last guess, if the the delete of the stored certicate does not help. But I guess it does?
There is a problem with the Java version 5 and the PDM.
Do a downgrade to 1.4.x and try again.
See:
sincerely
Patrick
03-31-2005 10:45 PM
Your certificate might be invalid.
Regenerate it and try again.
Connect on the local console or with telnet:
conf t
#Remove old rsa key
ca zeroize rsa
#Regenerate a new key
ca generate rsa key 1024
#Save the key in Flash
ca save all
#Configure access to PDM:
http server enable
http YourHostIP 255.255.255.255 inside
management-access inside
sincerely
Patrick
03-31-2005 11:46 PM
Dear Patrick,
Thanks a million for the quick reply. I did all that you asked to do but my customer is still facing the same errors that i mentioned earler as if nothing was changed/added. Is there any other solution? Should i restart the firewall and try again? i've already tried reinstalling PDM so should i try reinstalling the PIX's OS image??
Thanks and Regards,
Salman
Singapore
04-01-2005 12:48 AM
Hi,
From your description, it seems that the old pix issued certificate is already "accepted" and installed in Internet Explorer. If that the case, try removing the certificate from IE:
Tools -> Internet Options -> Content -> Certificates
locate and examine the certificate (cert name is "Cisco ...." I think) make sure it the one issued by the PIX. Remove it.
Please let us know if that helps.
Regards,
Mustafa
04-01-2005 04:52 AM
Last guess, if the the delete of the stored certicate does not help. But I guess it does?
There is a problem with the Java version 5 and the PDM.
Do a downgrade to 1.4.x and try again.
See:
sincerely
Patrick
04-04-2005 11:43 PM
Dear Patrick,
The downgrade to java version 1.4.1_07 solved my problem. i'm really grateful to you, Mr, Mustafa and Mr. Dopenfield for the quick and prompt help that you people extended towards me.
Regards,
Salman Abbas
Transmarco Data Systems, Singapore
04-01-2005 02:36 PM
If they have Java 1.5 update 2 they need to back down to Update 1.
Check out this thread...
http://forum.java.sun.com/thread.jspa?threadID=610328&tstart=0
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide