05-30-2015 12:40 AM - edited 03-11-2019 11:01 PM
I have a problem with a Cisco ASA 5505. ASA 9.0(3) / ASDM 7.4(1).
I did a factory reset, formatted the flash, copied everything from tftp.
Config copied from another ASA. Changed the hostname entries afterwards.
hostname connect
crypto ca trustpoint ASDM_TrustPoint0
 subject-name CN=connect
crypto ca trustpoint ASDM_TrustPoint1
 subject-name CN=connect
ASA works fine, and the Home & Monitoring tabs in the ASDM work, but I am not able to work on the configuration using ASDM :(
When I go to the Configuration tab, I get this message (which stays there forever):
Please wait while the certificate information is being retrieved
I have tried a 'revert webvpn all' and save/reload. Did not help.
Error message and contents of flash - see attached pictures.
Suggestions greatly appreciated.
BR,
Nils
05-30-2015 12:05 PM
You cannot just change the CN of a trustpoint and leave the old certificate in place. That breaks the fundamental purpose of a certificate as being a unique identifier of a given host.
You should delete the trustpoints and associated certificates altogether and then reload. The ASA should automatically create a new trustpoint and certificate. That should allow you to configure via ASDM.
If you like, you can continue to use that dynamic one or create a new persistent one (and associated 2048-bit or higher RSA key).
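The persistent option from the answer above, written out as ASA CLI. This is an added example, not part of the original post; the key label ASDM_KEY, the trustpoint name ASDM_SELF and the interface name inside are assumptions, so substitute your own.

```cisco
! Added example: replace the copied trustpoints with a persistent
! self-signed identity certificate for this host.
configure terminal
!
! Remove the trustpoints that came over with the copied config.
! Deleting a trustpoint also removes the certificates tied to it.
no crypto ca trustpoint ASDM_TrustPoint0 noconfirm
no crypto ca trustpoint ASDM_TrustPoint1 noconfirm
!
! Generate a fresh RSA key pair on this device (2048-bit or higher).
! ASDM_KEY is an assumed label.
crypto key generate rsa label ASDM_KEY modulus 2048
!
! Create the new trustpoint and bind it to the new key pair.
! ASDM_SELF is an assumed name; the CN matches the hostname above.
crypto ca trustpoint ASDM_SELF
 enrollment self
 subject-name CN=connect
 keypair ASDM_KEY
 exit
!
! Issue the self-signed certificate from that trustpoint.
crypto ca enroll ASDM_SELF noconfirm
!
! Present the new certificate on the interface ASDM connects to
! ("inside" is an assumed interface name).
ssl trust-point ASDM_SELF inside
!
end
write memory
!
! Check: the certificate's subject should show CN=connect and the
! associated trustpoint should be ASDM_SELF.
show crypto ca certificates
show crypto key mypubkey rsa
```

Because the key pair is generated on the device, the private key from the other ASA is no longer in use once the old trustpoints are gone.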
05-30-2015 10:06 AM
Hi Nils,
Please use the ASDM 7.4.2 which has a lot of fixes.
Thanks,
VR
05-30-2015 03:47 PM
You were both right. Loading the old config which included the trustpoints / certificates did not work. Had to recreate the certificates. That done, I encountered a new error (ASDM stuck at 87%) which was solved by updating to 7.4.2.
Thanks!
BR,
Nils