Certificate to Connection Profile mapping Cisco ASA

cheery Tomato
Level 1

I currently have an issue where a certificate is bypassing the order of certificate to connection profile mapping.

I have added a new certificate mapping, TOMS_CERT_MAP.

Does anyone know how to create the best level of debugging for this?

I was expecting to see details from webvpn debugging but this is not showing much.

I am hoping to see in the logs that it is checking TOMS_CERT_MAP before moving on to the next two certificate mappings; currently I am not seeing this.

Do I need to disable and re-enable the interface for the new mapping to work?

webvpn
 certificate-group-map LN_CERT_MAP 10 LN_CP
 certificate-group-map TR_CERT_MAP 10 TR_CP
 certificate-group-map TOMS_CERT_MAP 9 IPAD_CP
!
!
crypto ca certificate map LN_CERT_MAP 10
 subject-name attr cn co ln
crypto ca certificate map TR_CERT_MAP 10
 subject-name attr cn co tr
crypto ca certificate map TOMS_CERT_MAP 9
 subject-name attr cn co kelly
!

Any assistance is greatly appreciated.
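
Added example, not part of the original post and not Cisco code: an offline check that parses the mapping lines posted above and lists them in the order the post expects, so the result can be compared with what the debug output shows. Lowest sequence number first and `co` as a case-insensitive substring match are assumptions of this example; the function names and sample CNs are made up for illustration.

```python
import re

# Constructed sample: the mapping lines from the post above.
CONFIG = """\
webvpn
 certificate-group-map LN_CERT_MAP 10 LN_CP
 certificate-group-map TR_CERT_MAP 10 TR_CP
 certificate-group-map TOMS_CERT_MAP 9 IPAD_CP
crypto ca certificate map LN_CERT_MAP 10
 subject-name attr cn co ln
crypto ca certificate map TR_CERT_MAP 10
 subject-name attr cn co tr
crypto ca certificate map TOMS_CERT_MAP 9
 subject-name attr cn co kelly
"""

def parse(config):
    """Return one dict per mapping, sorted by sequence number."""
    profiles, criteria, current = {}, {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"certificate-group-map (\S+) (\d+) (\S+)", line):
            profiles[(m[1], int(m[2]))] = m[3]
        elif m := re.fullmatch(r"crypto ca certificate map (\S+) (\d+)", line):
            current = (m[1], int(m[2]))
            criteria.setdefault(current, [])
        elif (m := re.fullmatch(r"subject-name attr cn co (\S+)", line)) and current:
            criteria[current].append(m[1].lower())
    rules = [{"map": k[0], "seq": k[1], "profile": p, "cn_contains": criteria.get(k, [])}
             for k, p in profiles.items()]
    # Assumption: lowest sequence number is checked first; ties keep config order.
    return sorted(rules, key=lambda r: r["seq"])

def expected_profile(rules, cn):
    """First rule whose CN substrings all appear in cn (assumed case-insensitive)."""
    for r in rules:
        if r["cn_contains"] and all(s in cn.lower() for s in r["cn_contains"]):
            return r["profile"]
    return None

def shared_sequences(rules):
    """Sequence numbers used by more than one map; this model cannot order those."""
    seqs = [r["seq"] for r in rules]
    return sorted({s for s in seqs if seqs.count(s) > 1})

if __name__ == "__main__":
    rules = parse(CONFIG)
    for r in rules:
        print(r["seq"], r["map"], "->", r["profile"], r["cn_contains"])
    print("shared sequence numbers:", shared_sequences(rules))
```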

2 Replies

Mohammad Alhyari
Cisco Employee

Hey,

Please try the following:

logging buffered debugging

and also

debug crypto ca

debug cry ca messages

debug cry ca transaction

Thanks.

Mohammad.

Ramadan Mubarak Mohammad,

Cheers for the feedback, really appreciate it.

I resolved this by removing all the certificate mappings and re-adding them.

This resolved my issue.

However, any time I have to create a new certificate mapping I have to remove them all and re-add them.

Not a perfect solution but it is working.