Turn off SSL on ASA possible?

Answered Question
Feb 26th, 2008
User Badges:

hi,


As far as I know I don't think I use SSL on my 5520 ASA, but how can I check?


The thing is I have run a Qualys security scan against our ASA's Outside interface and I get 2 SSL vulnerabilities back.


I can't work out how it's finding these and whether I can turn them off. It also says they are self assigned certificates and should be from a third part instead.


Thanks in advance for your help

Correct Answer by mark.j.hodge about 9 years 4 months ago

Connect to your ASA command line, and see if there is a "webvpn" entry.


If so and you want to remove the capability remove the "enable outside" entry.


Another possibility is that you are running ASDM on the outside interface, check if there are any "http outside" commands.


You should be able to check by directing a browser to the outside interface

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
mark.j.hodge Wed, 02/27/2008 - 03:24
User Badges:
  • Bronze, 100 points or more

Connect to your ASA command line, and see if there is a "webvpn" entry.


If so and you want to remove the capability remove the "enable outside" entry.


Another possibility is that you are running ASDM on the outside interface, check if there are any "http outside" commands.


You should be able to check by directing a browser to the outside interface

whiteford Wed, 02/27/2008 - 05:12
User Badges:

You fixed it:


Quote


"Another possibility is that you are running ASDM on the outside interface, check if there are any "http outside" commands."

alanajjar Wed, 02/27/2008 - 03:39
User Badges:

Hi,

The self signed certificate is generated by the ASA to let some basic operation work, like ASDM access and ssh access. For outside certificate authentication, you need to use third party certificate.


regards

Actions

This Discussion