I've found that the documentation for this is not very user friendly, and you might have this issue if you cannot configure an ASA using ASDM.
I've found a lot of posts about Java issues with ASDM. One of the workarounds is to use a trusted identity certificate on the ASA. You might not want to purchase a public SSL certificate, so I offer an alternative: doing it with a private one.
I will assume that you already created an internal certificate and that you also have your internal root certificate.
The internal server certificate and its key are in .PFX (PKCS12) format, encrypted with a password, and your root certificate is a plain, unencrypted SSL certificate in base64 (PEM) format.
The issue is that the ASA expects to import the server certificate in PKCS12 (.p12) format encoded with base64.
You just need to take your .pfx file and encode it in base64 with the following command:
# openssl base64 -in xxxxx.pfx > xxxxx.base64
Then open the file and add the PKCS header and footer. Just copy and paste them without leaving any spaces.
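The encode-and-wrap step above as a script, with a check that the wrapped text still decodes to the original file. This is an added example, not part of the original post; the helper names and the `-----BEGIN PKCS12-----` / `-----END PKCS12-----` marker strings are assumptions, since the post does not print the header and footer.

```shell
#!/bin/sh
# Added example (not from the original post): wrap a .pfx for pasting into the
# ASA and confirm the wrapped text still decodes to the original bytes.

# Assumption: marker strings; the post does not print the header and footer.
HEADER='-----BEGIN PKCS12-----'
FOOTER='-----END PKCS12-----'

# wrap_pfx IN.pfx OUT.base64 (hypothetical helper)
wrap_pfx() {
  [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
  (
    umask 077   # the output still carries the (encrypted) private key
    {
      printf '%s\n' "$HEADER"
      # Drop CRs and blank lines so nothing sits between header, body and footer.
      openssl base64 -in "$1" | tr -d '\r' | sed '/^[[:space:]]*$/d'
      printf '%s\n' "$FOOTER"
    } > "$2"
  )
}

# check_wrapped IN.pfx OUT.base64 (hypothetical helper)
# Returns 0 only if the markers are in place, the body is clean base64,
# and decoding the body gives back IN.pfx byte for byte.
check_wrapped() {
  [ "$(head -n 1 "$2")" = "$HEADER" ] || return 1
  [ "$(tail -n 1 "$2")" = "$FOOTER" ] || return 1
  if sed '1d;$d' "$2" | grep -Evq '^[A-Za-z0-9+/=]+$'; then
    return 1   # blank line, space or stray character in the body
  fi
  sed '1d;$d' "$2" | openssl base64 -d | cmp -s - "$1"
}

# Run as: sh wrap_pfx.sh xxxxx.pfx
if [ "$#" -eq 1 ]; then
  wrap_pfx "$1" "$1.base64" && check_wrapped "$1" "$1.base64" &&
    echo "ready to paste: $1.base64"
fi
```

Running the check again on the text you actually copied catches a blank line or a dropped line before the ASA rejects the import.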
Verify that the trustpoint was created:
ASA(config)# show crypto ca trustpoints BRATO
Trustpoint BRATO: Not authenticated.
Verify that the key was created:
ASA(config)# show crypto key mypubkey rsa | b BRATO
Key name: BRATO
 Usage: General Purpose Key
 Modulus Size (bits): 1024
 Key Data:
The last step is to add the root and the intermediate certificates to the chain. Their absence is why you have a NOT AUTHENTICATED trustpoint. You need to encode your certificate chain with base64 again. Remember that you need to form the certificate chain in the issuing order:
Certificate has the following attributes:
Fingerprint: xxxxxxx xxxxxxxx xxxxxxx xxxxx
% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
% Certificate successfully imported
ASA(config)# show crypto ca trustpoint BRATO
Trustpoint BRATO:
 Subject Name:
 cn=brato-DC-CA
 dc=brato
 dc=local
 Serial Number: gglfshlkahfklsahflkhaslkf
 Certificate configured.