
Cisco ASA - ASDM will not launch (Please wait while the certificate information is beeing retrieved)

norsar
Level 1

I have a problem with a Cisco ASA 5505. ASA 9.0(3) / ASDM 7.4(1).

I did a factory reset, formatted the flash, copied everything from tftp.

Config copied from another ASA. Changed the hostname entries afterwards.

hostname connect

crypto ca trustpoint ASDM_TrustPoint0
  subject-name CN=connect
crypto ca trustpoint ASDM_TrustPoint1
  subject-name CN=connect

ASA works fine, and the Home & Monitoring tabs in the ASDM work, but I am not able to work on the configuration using ASDM :(

When I go to the Configuration tab, I get this message (which stays there forever):

Please wait while the certificate information is beeing retrieved

I have tried a 'revert webvpn all' and save/reload. Did not help.

Error message and contents of flash - see attached pictures.

Suggestions greatly appreciated.

BR,

Nils

2 Accepted Solutions


veramasu
Cisco Employee

Hi Nils,

Please use the ASDM 7.4.2, which has a lot of fixes.

Thanks,

VR


Marvin Rhoads
Hall of Fame

You cannot just change the CN of a trustpoint and leave the old certificate in place. That breaks the fundamental purpose of a certificate as being a unique identifier of a given host.

You should delete the trustpoints and associated certificates altogether and then reload. The ASA should automatically create a new trustpoint and certificate. That should allow you to configure via ASDM.

If you like, you can continue to use that dynamic one or create a new persistent one (and associated 2048-bit or higher RSA key).

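The condition described in the reply above, a trustpoint whose `subject-name` was edited while the old certificate stayed in place, can be checked offline against a saved configuration. The Python below is an added example, not part of the original thread or any Cisco tooling; the sample config, the name `oldasa` and the certificate bytes are constructed, and the byte scan for the commonName OID is a simplification rather than a full X.509 parse.

```python
import re
# Constructed sample: CN renamed to connect; stored hex (DER CN attribute only) says oldasa.
SAMPLE_CONFIG = """\
crypto ca trustpoint ASDM_TrustPoint0
 subject-name CN=connect
crypto ca certificate chain ASDM_TrustPoint0
 certificate 0a1b2c3d
    310f300d 06035504 030c066f 6c646173 61
  quit
"""
CN_OID = bytes.fromhex("0603550403")  # DER encoding of OID 2.5.4.3 (commonName)

def sections(config, header):
    """Yield (block name, stripped line) for indented lines under `header <name>`."""
    name = None
    for line in config.splitlines():
        m = re.match(header + r" (\S+)", line)
        if m or not line.startswith(" "):
            name = m.group(1) if m else None
        elif name:
            yield name, line.strip()

def configured_cns(config):
    """Trustpoint name -> CN from its subject-name line."""
    hits = ((tp, re.match(r"subject-name .*?CN=([^,\s]+)", line, re.I))
            for tp, line in sections(config, "crypto ca trustpoint"))
    return {tp: m.group(1) for tp, m in hits if m}

def scan_cns(der):
    """Naive scan: each CN OID is followed by a value TLV (tag, length, bytes)."""
    names, pos = set(), 0
    while (pos := der.find(CN_OID, pos)) != -1:
        pos += len(CN_OID)
        if pos + 2 <= len(der) and der[pos + 1] < 0x80:  # short-form length only
            names.add(der[pos + 2:pos + 2 + der[pos + 1]].decode("utf-8", "replace"))
    return names

def certificate_cns(config):
    """Trustpoint name -> set of CN strings found in its stored certificate hex."""
    found = {}
    for tp, line in sections(config, "crypto ca certificate chain"):
        if re.fullmatch(r"[0-9a-fA-F ]+", line):  # hex rows only, not 'certificate'/'quit'
            found[tp] = found.get(tp, "") + line
    return {tp: scan_cns(bytes.fromhex(h)) for tp, h in found.items()}

def mismatched_trustpoints(config):
    """Trustpoints whose stored certificate lacks the configured CN."""
    certs = certificate_cns(config)
    return {tp: (cn, sorted(certs[tp])) for tp, cn in configured_cns(config).items()
            if tp in certs and cn not in certs[tp]}
```

A trustpoint returned by `mismatched_trustpoints` is a candidate for the delete-and-recreate step described in the reply above.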

3 Replies


You were both right. Loading the old config which included the trustpoints / certificates did not work. Had to recreate the certificates. That done, I encountered a new error (ASDM stuck at 87%) which was solved by updating to 7.4.2.

 

Thanks!

BR,

Nils
