05-28-2024 04:07 AM
I am getting an untrusted server certificate error while connecting to the VPN. I have installed the certificate and it is showing as valid.
Note the certificate is a wildcard certificate.
05-28-2024 04:37 AM
I assume the FQDN used in anyconnect matches the wildcard domain?
Have you enabled this certificate trustpoint on the outside interface?
ssl trust-point <trustpoint name> OUTSIDE
...otherwise the ASA will not be using that certificate.
05-28-2024 04:40 AM
Yes ROB,
I have enabled this certificate on the outside interface.
ssl trust-point Hobasa_cert
webvpn
enable outside
05-28-2024 04:45 AM
Ok, I can see you are attempting to connect to the IP address 27.10*.*.*, not the FQDN. It will display this error; you need to connect to the FQDN that matches the wildcard domain.
05-28-2024 05:03 AM
Hi Rob,
Thanks for your response. So suppose I have a wildcard certificate which is issued to *.abc.com and if I create a DNS entry for my firewall on the internet like firepower.abc.com and use this FQDN for Anyconnect VPN. So after that will I be getting the same certificate error?
05-28-2024 05:08 AM
@amitspanchal if you create an FQDN called firepower.abc.com and connect to firepower.abc.com from AnyConnect/Secure Client and the wildcard on the FTD is *.abc.com, you will not receive the certificate error. The FQDN used to connect to the VPN must be valid on the certificate. You are receiving the error because you connect to the IP address, which obviously does not match the wildcard domain.
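The matching rule described in the answer above, as an added example that is not part of the thread and is not Cisco's client code. It assumes the general RFC 6125 rules (a wildcard covers exactly one leftmost label, and an IP address is only compared against iPAddress SAN entries); `203.0.113.10` is a constructed documentation address, and the function names are hypothetical.

```python
import ipaddress


def _as_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def dns_name_matches(pattern, host):
    """Compare one DNS SAN entry with the hostname the user typed."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        # '*' stands for exactly one label, so label counts must agree.
        return False
    if p[0] == "*":
        # Conservative choice in this example: require at least two labels
        # after the wildcard, so something like '*.com' never matches.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def client_accepts(target, dns_sans, ip_sans=()):
    """True if the address entered in the VPN client is covered by the cert."""
    ip = _as_ip(target)
    if ip is not None:
        # An IP target is never matched against DNS names or wildcards.
        return any(_as_ip(s) == ip for s in ip_sans)
    return any(dns_name_matches(s, target) for s in dns_sans)


def check_targets(targets, dns_sans, ip_sans=()):
    """Map each candidate connection target to accepted / rejected."""
    return {t: client_accepts(t, dns_sans, ip_sans) for t in targets}


if __name__ == "__main__":
    # Constructed inputs: the wildcard from the thread plus sample targets.
    sample = ["firepower.abc.com", "203.0.113.10", "vpn.site.abc.com", "abc.com"]
    for target, ok in check_targets(sample, ["*.abc.com"]).items():
        print(f"{target:20} {'match' if ok else 'untrusted server certificate'}")
```

Only the single-label FQDN under the wildcard domain is accepted; the bare IP, the bare domain, and a two-level subdomain all fail the name check even though the certificate itself is valid.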
05-29-2024 11:39 PM - edited 05-30-2024 03:28 AM
Thanks
MHM
05-29-2024 10:33 PM
Hi Rob,
This thing worked for me. Thank you very much for your help.