Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1093
Views
20
Helpful
4
Replies

SSL Certificate

Go to solution
mautez_mah
Level 1
Level 1

‎05-13-2022 04:38 AM

in Cisco ASA all VPN users accessing FW and servers  using Cisco any connect with a specific URL
I have changed URL which is recorded in Goddady, 
but once I connect the message shows certificate untrust  , 
there are some CA certificate in ASA for old URL 
How can I solve this issue , how I can I add certicate to trust new URL 

Preview file
46 KB
Preview file
75 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sheraz.Salim
VIP
VIP
In response to mautez_mah

‎05-17-2022 05:03 PM

were you able to manage get the identity cert and upload on the firewall. if you using a cert from another make sure the certificate is in pkcs12  format with private key.

please do not forget to rate.

View solution in original post

4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎05-13-2022 05:12 AM

@mautez_mah the FQDN of vpn.tamam.life does not match the name on the certificate, hence the error. You should change the FQDN of the ASA you connec to, to match the name on the certificate.

Go to solution
mautez_mah
Level 1
Level 1

‎05-13-2022 05:23 AM

@Rob Ingram 

Thanks but could you please guide me on where can I change it , or add new one 
I opened the Identity certificate on ASDM and try to add a new one But there is Value like CN , OU , I don't know what should I add here 
can you guide me plz 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to mautez_mah

‎05-13-2022 05:29 AM

@mautez_mah the current certificate is a wildcard from a completely different domain. You can either change your public DNS record from the current DNS entry vpn.tamam.life to vpn.skyband.com.sa

 

Or create a new certificate for vpn.tamam.life, guide here https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/107956-renew-ssl.html

 

 

 

Go to solution
Sheraz.Salim
VIP
VIP
In response to mautez_mah

‎05-17-2022 05:03 PM

were you able to manage get the identity cert and upload on the firewall. if you using a cert from another make sure the certificate is in pkcs12  format with private key.

please do not forget to rate.
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card