cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1849
Views
15
Helpful
9
Replies
iowaelectronics
Beginner

SSL VPN, is there a way to not have it display the 'untrusted site' warning when connecting

SSL VPN, is there a way to not have it display the 'untrusted site'  warning when connecting. I have a trusted 3rd party cert installed on  the ASA. Is there a way when I connect to it via the Web to not have it  give the users the below page and just go to the login. If they hit  continue it works but we're looking for a way of removing this error.

There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. 

  We recommend that you close this webpage and do not continue to this website. 

  Click here to close this webpage. 

  Continue to this website (not recommended). 

     More information

1 ACCEPTED SOLUTION

Accepted Solutions

Hi Jason,

Please do the following:

1- no ssl trustpoint  ssl.axisbu.com.trustpoint outside

2- webvpn

     no enable outside

     exit

3- ssl trustpoint ASDM_TrustPoint3 outside

4- webpvn

     enable outside

It looks like it is not presenting the right certificate, probably the self-signed got stuck, please follow the steps and let me know.

Thanks.

Portu.

View solution in original post

9 REPLIES 9

Hi Jason,

So you installed a third party certificate and you still see the cert warning?

Where is this 3rd party cert from? Godaddy, Entrust, Verisign?

Please attach the "show run ssl" output.

Thanks.

Portu

Yes, its from Godaddy

The command

"show run ssl" output.gave me this

ssl trust-point ssl.axisbu.com.trustpoint outside

Please attach the following command:

show crypto ca certificate ssl.axisbu.com.trustpoint

Thanks.

Hope this helps, SSL problems always kill me.

Certificate

  Status: Available

  Certificate Serial Number: 079872d98e66fb

  Certificate Usage: General Purpose

  Public Key Type: RSA (2048 bits)

  Issuer Name:

    serialNumber=07969287

    cn=Go Daddy Secure Certification Authority

    ou=http://certificates.godaddy.com/repository

    o=GoDaddy.com\, Inc.

    l=Scottsdale

    st=Arizona

    c=US

  Subject Name:

    cn=ssl.axisbu.com

    ou=Domain Control Validated

    o=ssl.axisbu.com

  OCSP AIA:

    URL: http://ocsp.godaddy.com/

  CRL Distribution Points:

    [1]  http://crl.godaddy.com/gds1-76.crl

  Validity Date:

    start date: 16:01:44 CDT Sep 17 2012

    end   date: 12:22:09 CDT Jul 25 2015

  Associated Trustpoints: ssl.axisbu.com.trustpoint

CA Certificate

  Status: Available

  Certificate Serial Number: 0301

  Certificate Usage: General Purpose

  Public Key Type: RSA (2048 bits)

  Issuer Name:

    ou=Go Daddy Class 2 Certification Authority

    o=The Go Daddy Group\, Inc.

    c=US

  Subject Name:

    serialNumber=07969287

    cn=Go Daddy Secure Certification Authority

    ou=http://certificates.godaddy.com/repository

    o=GoDaddy.com\, Inc.

    l=Scottsdale

    st=Arizona

    c=US

  OCSP AIA:

    URL: http://ocsp.godaddy.com

  CRL Distribution Points:

    [1]  http://certificates.godaddy.com/repository/gdroot.crl

  Validity Date:

    start date: 19:54:37 CST Nov 15 2006

    end   date: 19:54:37 CST Nov 15 2026

  Associated Trustpoints: ssl.axisbu.com.trustpoint

Hi Jason,

Please do the following:

1- no ssl trustpoint  ssl.axisbu.com.trustpoint outside

2- webvpn

     no enable outside

     exit

3- ssl trustpoint ASDM_TrustPoint3 outside

4- webpvn

     enable outside

It looks like it is not presenting the right certificate, probably the self-signed got stuck, please follow the steps and let me know.

Thanks.

Portu.

View solution in original post

I get this erro on the first command

no ssl trustpoint  ssl.axisbu.com.trustpoint outside

            ^

ERROR: % Invalid input detected at '^' marker.

Jason,

Did you try in global configuration mode?

Thanks.

I just rebooted the ASA and it is working now. SOmetimes you just have to reboot.

Thanks for your help

Glad to help

Have a good one.

Content for Community-Ad