
Cisco ASA getting temp cert : Device selects trust-point ASA-self-signed for client

demichel2
Beginner

Hi ALL, 

After I imported a GlobalSign certificate from another ASA, AnyConnect users are getting this error message:

Anyconnect cannot verify server : domain.com 

Certificate does not match the server name 

Certificate is from an untrusted source 

The current settings on the ASA are:

ssl trust-point GlobalSign outside

In the log : 

6 Dec 07 2015 10:29:14 725016 Device selects trust-point ASA-self-signed for client outside:

Does this mean that the ASA is not getting the correct certificate? Why?

Accepted Solution

rvarelac
Rising star

Hi demichel2,  

Can you indicate which ASA version you are running?

If you are running 9.4 and above, you might need to disable the ECDSA with the following command:

ssl cipher tlsv1.2 custom "AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA:RC4-SHA:RC4-MD5"

-Randy- 

Works fine with the command! Thank you
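
An added example, not part of the original thread and not Cisco code: a Python check that compares the ssl trust-point line from the question with syslog 725016 messages in the format shown there, and counts handshakes where the ASA selected a different trust-point than the one configured for that interface. The function names, the sample log lines and the client addresses are constructed for illustration.

```python
import re
from collections import Counter

# Config form used in the thread: ssl trust-point <name> <interface>
CONFIG_RE = re.compile(r"^\s*ssl trust-point (\S+) (\S+)\s*$", re.M)
# Syslog 725016 as shown in the question; text after "<interface>:" is ignored
LOG_RE = re.compile(
    r"725016:?\s+Device selects trust-point (\S+) for client ([^\s:]+):"
)

# Constructed sample input (addresses are from the documentation range)
SAMPLE_CONFIG = "ssl trust-point GlobalSign outside\n"
SAMPLE_LOG = """\
6 Dec 07 2015 10:29:14 725016 Device selects trust-point ASA-self-signed for client outside:192.0.2.10/51000
6 Dec 07 2015 10:29:15 725001 Starting SSL handshake with client outside:192.0.2.10/51000
6 Dec 07 2015 10:31:02 725016 Device selects trust-point GlobalSign for client outside:192.0.2.11/51002
6 Dec 07 2015 10:33:40 725016 Device selects trust-point ASA-self-signed for client outside:192.0.2.12/51004
"""


def configured_trustpoints(config_text):
    """Return {interface: trust-point} from 'ssl trust-point' lines."""
    return {iface: tp for tp, iface in CONFIG_RE.findall(config_text)}


def trustpoint_mismatches(config_text, log_text):
    """Count 725016 events whose trust-point differs from the configured one.

    Keys are (interface, configured trust-point, selected trust-point).
    Interfaces with no 'ssl trust-point' line are skipped.
    """
    expected = configured_trustpoints(config_text)
    mismatches = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        selected, iface = m.groups()
        want = expected.get(iface)
        if want is not None and selected != want:
            mismatches[(iface, want, selected)] += 1
    return mismatches


if __name__ == "__main__":
    for (iface, want, got), n in trustpoint_mismatches(SAMPLE_CONFIG, SAMPLE_LOG).items():
        print(f"{iface}: configured {want}, selected {got} in {n} handshake(s)")
```

Running it over logs collected before and after the cipher change shows whether the ASA-self-signed selections have stopped.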
