Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
862
Views
0
Helpful
5
Replies

AnyConnect certificate

aelsbernd
Level 1
Level 1

‎05-09-2013 12:40 PM - edited ‎02-21-2020 06:53 PM

I have installed an SSL cert from Symantec for my AnyConnect configuration.  And everything seemed to be working fine however after logging into our anyconnect portal I am receiving an error during the Java applet launch saying "The web site's certificate cannot be verified.  Do you want to continue?"  Even though, from what I see, the site is verfied and encrypted...

Is there something I'm missing?   ... let me know what information you need to troubleshoot.

Labels:
0 Helpful
5 Replies 5

Varinder Singh
Cisco Employee
Cisco Employee

‎05-09-2013 01:05 PM

Andrew,

You need to apply the certifiacte on outside interface where you ahev enabled webvpn

Here is what you have to do

ASDM

Step 5. Configure WebVPN to Use the Newly Installed Certificate

ASDM Procedure

  1. Click Configuration, and then click Device           Management.

  2. Expand Advanced, and then expand SSL           Settings.

  3. Under Certificates, select the interface that is used to terminate           WebVPN sessions.

    In this example, the outside interface is used.

  4. Click Edit.

  5. In the Certificate drop-down list, choose the certificate installed           in Step 4.

  6. Click OK.

  7. Click Apply.

    Your new certificate should now be utilized for all WebVPN sessions           that terminate on the interface specified.

  8. See the Verify section in order to           confirm that the installation process was successful.

You also need to make sure that you complete the certifiacte chain in ASA as well.

Kindly let me know if that helps.

Regards,

Varinder

P.S. Please mark this post as 'Answered' if you find the above information helpful so that it brings goodness to other community users

Regards, Varinder P.S. Please mark this post as 'Answered' if you find the above information helpful so that it brings goodness to other community users
0 Helpful

aelsbernd
Level 1
Level 1
In response to Varinder Singh

‎05-09-2013 01:08 PM

Thanks for the reply,

It is already applied to the outside interface there.

0 Helpful

aelsbernd
Level 1
Level 1

‎05-09-2013 01:36 PM

Note*

This error does not show in Internet Explorer.

0 Helpful

Varinder Singh
Cisco Employee
Cisco Employee
In response to aelsbernd

‎05-09-2013 01:50 PM

Can you send the output of following comamnd:

Sh run all ssl

Regards,

Varinder

Regards, Varinder P.S. Please mark this post as 'Answered' if you find the above information helpful so that it brings goodness to other community users
0 Helpful

aelsbernd
Level 1
Level 1
In response to Varinder Singh

‎05-09-2013 01:54 PM

Here is the output:

ssl server-version any

ssl client-version any

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

ssl trust-point ASDM_TrustPoint1 outside

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents