Solved: view SHA fingerprint of self-signed cert on ASA webvpn client?

Bradley Urberg Carlson · ‎08-15-2015

When connecting to an ASA with self-signed cert, using Cisco AnyConnect Secure Mobility Client 3.1 (10010), the AnyConnect client presents the Big Red Box of Warning, which is good. The user would need to disable "Block Connections to Unknown Servers" in preferences in order to complete the connection.

Is there a way for the user to view the SHA1/SHA3 fingerprint of the self-signed cert, before disabling the security block? I could have sworn that older versions of the AnyConnect client allowed the user view the certificate details and fingerprint before choosing to Accept and connect.

Marvin Rhoads · ‎08-15-2015

You can't do that from AnyConnect 3.x or 4.x as far as I know. Even a Diagnostics and Reporting Tool (DART) bundle does not include that information.

It's easy enough to inspect though if you just browse to the ASA's interface from almost any browser. From there you can examine the site (ASA) certificate, including the RSA public key fingerprint.

View solution in original post

Marvin Rhoads · ‎08-15-2015

You can't do that from AnyConnect 3.x or 4.x as far as I know. Even a Diagnostics and Reporting Tool (DART) bundle does not include that information.

It's easy enough to inspect though if you just browse to the ASA's interface from almost any browser. From there you can examine the site (ASA) certificate, including the RSA public key fingerprint.