08-04-2014 08:50 AM - edited 03-10-2019 12:16 AM
When starting the ASDM-IDM Launcher, I'm being asked to provide a certificate before logging in:
The certificates it lists for me to choose from were issued by an old Active Directory Enterprise CA that is no longer in service. The ASDM launcher started prompting me for a certificate after I recently uploaded the new CA certificate that replaced the old.
We use certificates for remote VPN connectivity and that's it. I don't need the ASA to prompt for certificates when logging in to manage it. What's the best way to correct this? Should I delete the CA Certificate and associated Trustpoint using the ASDM?
08-05-2014 01:38 PM
Can you provide the output of "show run http"? That will show us the authentication method specified in the configuration for ASDM (which runs over https).
We would normally look for something like:
http authentication local
or
http authentication aaa local
(and in the latter case would also check our aaa authentication method).
08-06-2014 07:13 AM
show run http gives the following:
http server enable
http xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx inside
http redirect outside 80
Doesn't give anything about authentication.
I do have the following line in the config:
aaa authentication ssh console LOCAL
08-06-2014 06:49 PM
I'm not sure why it's prompting for certificate-based authentication.
In any case, you might try adding:
aaa authentication http console LOCAL
...to the config.
08-18-2014 11:02 AM
I opened a ticket with Cisco support and the technician had me run a "clear ssl" command, which seems to have fixed things.