Access PDM on PIX515E

robert.l.jones · ‎06-22-2004

I am unable to access the PDM on my PIX515E. I open a browser, inside IP address of the PIX, and when the security alert gui displays there is an error: "The name on the security certificate is invalid or does not match the name of the site"

owillins · ‎06-28-2004

Have you changed the hostname of the PIX after connecting with PDM? If the hostname on the PIX changes, the certificate is not valid anymore. Delete the certificate and try connecting again. It should work.

robert.l.jones · ‎06-29-2004

No, I did not change the hostname of the PIX since after trying to connect to PDM. My firewalls are in stateful failover mode, if that makes a difference. Where do I find the certificate inorder to delete it? Also the certificate is using the hostname plus domain (i.e. firewall1.business.local)

jonathanstevens · ‎06-29-2004

To delete your rsa keys, use the command

ca zeroise rsa

To generate your keys (assuming you are not using a ca)

If you haven't already done so...

hostname yourmyhostname

domain-name yourdomainname.com

then...

ca generate rsa key 1024

This will generate the keys.

Then

ca save all

Once that is done, unless the hostname you type into the browser when you connect is..

https://yourhostname.yourdomainname.com

you will get that message as your browser is comparing the URL you type with the name on the certificate. If it doesn't match you will see that error, but it doesn't stop you continuing. The session is still encrypted, it's just not authenticated,