I upgraded a ASA firewall using the 8.6(1) version with the LOCAL_CA_SERVER, which is for the VPN clients, e.g. one time auth cert deployment, revoking.
Unfortunately, I have to upgrade the version to 9.1 or above, because I hit a bug. I discovered the LOCAL_CA_SERVER of the ASA is working, but the clients' cert. will be untrusted and the certed users will have to enter the username & password again to get the cert.
Why need to do that? I checked the trust points, the local certs, the db on local CA server .... all is matched as the b4 version. Why the b4 deployed clients' cert. will be untrusted? Any idea on that? Thanks!
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...