
Cisco ASA Clientless SSL VPN Using Certificate Authentication - Certificate Expiration Notification

goodwin_charles
Level 1

I am using 3rd party identity certificates to authenticate VPN clients to a Cisco ASA 5580. This part works great. However, I would like the user to be notified when their certificates are going to expire and/or when they are expired when they log in to the ClientlessVPN. I have been able to do this with the AnyConnect client in the client profile, but I can find nothing on how to do this for the ClientlessVPN, which just returns a "Certificate is Invalid" error once the certificate is expired.

 

How can I change that message to something more user-friendly?

 

Thank you

2 Replies 2

Hi Charles,

 

In this case, I could not find a setting for this in the customization; you may do it for the AnyConnect Secure Mobility Client. Now, in this case, there is a certificate alert in IOS release 9.4.X:

 

The ASA checks all CA and ID certificates in the trust points for expiration once every 24 hours. If a certificate is nearing expiration, a syslog will be issued as an alert. You can configure the reminder and recurrence intervals. By default, reminders will start at 60 days prior to expiration and recur every 7 days.
We introduced or modified the following commands: crypto ca alerts expiration 

 

You may find further information on this link:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html

 

This way you can have the certificate alert once the certificate is about to expire on the Clientless.

 

Please proceed to rate this post and mark it as correct!

 

David Castro,

Regards,

Thanks for the reply. But, I am trying to do this for client certificates. The clients receive a 30-day personal certificate from a 3rd party CA. I do not think the feature in 9.4 is relevant since CAs and identities on the ASA are not what need to notify. I need to notify on the client's certificate expiration.
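
Added example (not part of the thread, and not Cisco or ASA code): one way to get advance warning for short-lived client certificates outside the ASA is to check their expiry dates from an inventory and notify users before the "Certificate is Invalid" error appears. The sample input, the subject names and the 7-day warning window are assumptions; the input format is what `openssl x509 -noout -subject -enddate` prints.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample: `openssl x509 -noout -subject -enddate` output for
# three hypothetical client certificates (names and dates are made up).
SAMPLE = """\
subject=CN = alice
notAfter=Mar  1 00:00:00 2025 GMT
subject=CN = bob
notAfter=Mar 20 00:00:00 2025 GMT
subject=CN = carol
notAfter=Apr 15 00:00:00 2025 GMT
"""

def parse_inventory(text):
    """Yield (subject, expiry as aware UTC datetime) from openssl output."""
    subject = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("subject="):
            subject = line[len("subject="):].strip()
        elif line.startswith("notAfter=") and subject is not None:
            # cert_time_to_seconds parses the "Mon DD HH:MM:SS YYYY GMT" form
            secs = ssl.cert_time_to_seconds(line[len("notAfter="):])
            yield subject, datetime.fromtimestamp(secs, tz=timezone.utc)
            subject = None

def classify(text, now, warn_days=7):
    """Bucket certificates as expired, expiring within warn_days, or ok.

    Each entry is (subject, whole days until expiry); negative = expired.
    """
    report = {"expired": [], "expiring": [], "ok": []}
    for subject, expiry in parse_inventory(text):
        remaining = expiry - now
        if remaining <= timedelta(0):
            bucket = "expired"
        elif remaining <= timedelta(days=warn_days):
            bucket = "expiring"
        else:
            bucket = "ok"
        report[bucket].append((subject, remaining.days))
    return report

if __name__ == "__main__":
    for bucket, certs in classify(SAMPLE, datetime.now(timezone.utc)).items():
        for subject, days in certs:
            print(f"{bucket:9} {subject} ({days} days)")
```
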
 
