Solved: Re: Unable to access PIX through PDM

salsyed1 · ‎03-31-2005

My customer has a PIX 506 E running OS ver 6.3 and PDM version 3.0(1).

i cant access the PIX via PDM from any computer in the enterprise although i have the latest java kits installed. The applet shows the following error message when launched: "applet noiniated" . a prompt window pops up saying that "host name mismatch" .

"The hostname in the server security certificate does not match the name of the server."

for some reason, it says that the PIX's hostname in the certificate is "hostname.domain name + OID.1.2.840.113549.1.9.2 = hostname.domain name"

the applet also shows the following message at the bottom of the window.

exception: java.security.accesscontrolexception: accessdenied

Although i've allowed the host in the http ip address inside command, im still having this problem.

I would be extremely grateful for your quick help.

Thanks and Regards,

Salman,

Singapore

Patrick Iseli · ‎04-01-2005

Last guess, if the the delete of the stored certicate does not help. But I guess it does?

There is a problem with the Java version 5 and the PDM.

Do a downgrade to 1.4.x and try again.

See:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB?cmd=display_location&location=.1dd7bd2e

sincerely

Patrick

View solution in original post

Patrick Iseli · ‎03-31-2005

Your certificate might be invalid.

Regenerate it and try again.

Connect on the local console or with telnet:

conf t

#Remove old rsa key

ca zeroize rsa

#Regenerate a new key

ca generate rsa key 1024

#Save the key in Flash

ca save all

#Configure access to PDM:

http server enable

http YourHostIP 255.255.255.255 inside

management-access inside

sincerely

Patrick

salsyed1 · ‎03-31-2005

Dear Patrick,

Thanks a million for the quick reply. I did all that you asked to do but my customer is still facing the same errors that i mentioned earler as if nothing was changed/added. Is there any other solution? Should i restart the firewall and try again? i've already tried reinstalling PDM so should i try reinstalling the PIX's OS image??

Thanks and Regards,

Salman

Singapore

mhussein · ‎04-01-2005

Hi,

From your description, it seems that the old pix issued certificate is already "accepted" and installed in Internet Explorer. If that the case, try removing the certificate from IE:

Tools -> Internet Options -> Content -> Certificates

locate and examine the certificate (cert name is "Cisco ...." I think) make sure it the one issued by the PIX. Remove it.

Please let us know if that helps.

Regards,

Mustafa

Patrick Iseli · ‎04-01-2005

Last guess, if the the delete of the stored certicate does not help. But I guess it does?

There is a problem with the Java version 5 and the PDM.

Do a downgrade to 1.4.x and try again.

See:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB?cmd=display_location&location=.1dd7bd2e

sincerely

Patrick

salsyed1 · ‎04-04-2005

Dear Patrick,

The downgrade to java version 1.4.1_07 solved my problem. i'm really grateful to you, Mr, Mustafa and Mr. Dopenfield for the quick and prompt help that you people extended towards me.

Regards,

Salman Abbas

Transmarco Data Systems, Singapore

dopenfield · ‎04-01-2005

If they have Java 1.5 update 2 they need to back down to Update 1.

Check out this thread...

http://forum.java.sun.com/thread.jspa?threadID=610328&tstart=0