07-20-2012 07:21 AM
I currently have an issue where a certificate is bypassing the order of certificate to connection profile mapping.
I have added a new certificate mapping, TOMS_CERT_MAP.
Does anyone know how to create the best level of debugging for this?
I was expecting to see details from webvpn debugging but this is not showing much.
I am hoping to see in the logs that it is checking TOMS_CERT_MAP before moving on to the next two certificate mappings; currently I am not seeing this.
Do I need to disable and re-enable the interface for the new mapping to work?
webvpn
 certificate-group-map LN_CERT_MAP 10 LN_CP
 certificate-group-map TR_CERT_MAP 10 TR_CP
 certificate-group-map TOMS_CERT_MAP 9 IPAD_CP
!
!
crypto ca certificate map LN_CERT_MAP 10
 subject-name attr cn co ln
crypto ca certificate map TR_CERT_MAP 10
 subject-name attr cn co tr
crypto ca certificate map TOMS_CERT_MAP 9
 subject-name attr cn co kelly
!
Any assistance is greatly appreciated.
07-24-2012 01:38 PM
Hey,
Please try the following:
logging buffered debugging
and also
debug crypto ca
debug cry ca messages
debug cry ca transaction
Thanks.
Mohammad.
07-25-2012 08:44 AM
Ramadan Mubarak Mohammad,
Cheers for the feedback, really appreciate it.
I resolved this by removing all the certificate mappings and re-adding them.
This resolved my issue.
However, anytime I have to create a new certificate mapping I have to remove them all and re-add them.
Not a perfect solution but it is working.