actually it just started

mmercaldieze · ‎11-10-2015

I have imported an ssl certificate form another asa:

crypto ca trustpoint ASDM_TrustPoint0
keypair ASDM_TrustPoint0
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 27bfaae5a9a0d7

And applied that certificate to the outside

ssl trust-point ASDM_TrustPoint0 outside

However when I go to the company's vpn site I still am getting the self signed certificate, is there something I am missing?

Dinesh Moudgil · ‎11-10-2015

Hi mmercaldieze,

Please share the output of "show cry ca certificate"

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

mmercaldieze · ‎11-10-2015

Certificate
Status: Available
Certificate Serial Number: 11111111111
Certificate Usage: General Purpose
Public Key Type: RSA (2048 bits)
Signature Algorithm: SHA256 with RSA Encryption
Issuer Name:
    cn=Go Daddy Secure Certificate Authority - G2
    ou=http://certs.godaddy.com/repository/
    o=GoDaddy.com\, Inc.
    l=Scottsdale
    st=Arizona
    c=US
Subject Name:
    cn=*.mycompany.com
    ou=Domain Control Validated
OCSP AIA:
    URL: http://ocsp.godaddy.com/
CRL Distribution Points:
    [1] http://crl.godaddy.com/gdig2s1-87.crl
Validity Date:
    start date: 20:33:08 EST Nov 17 2014
    end   date: 20:00:34 EST Nov 12 2016
Associated Trustpoints: ASDM_TrustPoint0

Dinesh Moudgil · ‎11-10-2015

Thanks for the input. Please confirm the following.

1. Is the subroot certificate also installed on the ASA.
2. ASA code and platform.
3. Is it SHA1 or SHA2 certificate.
4. When you browse ASAs IP in the browser, what is the certificate that you get.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

mmercaldieze · ‎11-10-2015

actually it just started working, I am experiencing a different certificate error but that is due to the certificate itself.

anyconnect not using ssl certificate