I am having the famous and much discussed issue of ASDM and Java 7 not being compatible. You launch ASDM and it hangs. To resolve you install the older, archived version of Java 1.5 or 1.6 and it works.
My question is - how come Cisco has never seen fit to release a patch or fix to correct this issue?
I have Java 8 Update 31 and I have a non self signed cert on the firewall and it still does not work. What am I doing wrong here? The cert is signed by GoDaddy and works great otherwise.
Doublecheck that the GoDaddy certificate is bound to the interface you are using for management.
The easiest way is by browsing to the ASA i.e. https://<ASA mgmt address>/admin and then inspect / verify the certificate in your browser.
If that looks OK, then try also adding the ASA as a trusted site in Java's control panel.
Thanks for the reply. It is bound on all 3 interfaces. I have added both http and https sites as trusted sites already. I have tried all combinations of adding the cert to local cert stores, java control panel trusted certs, secure sites, trusted sites. No luck.
Yes. I am managing it from an old server with ASDM at the moment with Java 7 51. However on that server only webstart works no client.
Have you drilled down to Java control panel messages and /or looked at a Packet Capture when you try to connect to see what might be happening at a debug level?
What ASDM version are you using?
One other thought is to clear your Java cache.
No. I have I have not drilled down or looked at a packet capture.
ASA Version: 9.3(2)
ASDM Version: 7.3(2)102
Device Type: ASA5512
ASA5512# sh run ssl
ssl cipher default custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher sslv3 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher tlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher dtlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl trust-point ASDM_TrustPoint0 inside
ssl trust-point ASDM_TrustPoint0 outside
ssl trust-point ASDM_TrustPoint0 management
You have strong ciphers as per the new 9.3(2) "ssl cipher" commands. So that should be OK for you.
We've covered all the obvious places to look.
I'd drill in further with the Java cache clearing and then trying again while doing a packet capture and/or debugging on the ASA to see what's going on in more detail.