SSL Certificate on ASA - Missing something?

machine23
Level 1

Hello All,

I have added an SSL cert for the ASA - ciscoasa.ladderbar.com (195.36.189.55) and applied the certificate in the SSL settings on the ASA, so when users use AnyConnect with the DNS name (ciscoasa.ladderbar.com) it works well and no risk message is shown, but when they use the IP it comes up with a "certificate not trusted" message.

Same issue when I browse - https://195.36.189.55 - the website shows not secure, but https://ciscoasa.ladderbar.com shows secure.

Any settings on the ASA that I might have missed?


Thank you 


Nothing that you missed here. That's the way it works. The IP address is not part of the certificate and with that not trusted by the client.

machine23
Level 1
Ah right, okay, so I just give the users the FQDN and leave it at that then... well, that was easy. Thank you for the clarification :)

Hi,

No settings on the ASA will fix this. You missed adding your ASA IP to the
certificate. Try to regenerate the certificate with CN as
ciscoasa.ladderbar.com and have the IP added to SAN names in the
certificate. This will resolve the issue properly.

**** please remember to rate useful posts

Hi, thanks for this. I thought I did put the IP in... but I will rekey and make sure. Also, on the FortiGates it works without adding the IP in the FortiGates.

In my opinion it's not worth the effort to put the IP in the certificate. The CA needs a stricter validation process that you must follow to get the certificate, the certificates are more expensive and if you are using Windows, it will likely not work with older versions than Win10.
