I have installed a new SSL certificate on our ASA 5500. I removed the old one, installed the new one, and associated the trustpoints with the interface we use for Web Connect and AnyConnect connections.
They are still seeing the old expired certificates. Users can still log in and authenticate, but I would rather they see the correct certificate.
Anybody have any suggestions?
If you do "show run ssl",
do you see the right certificate (trustpoint) applied to the right interface?
Can you try it from a computer you have not connected from before and see if you see any differences?
This will take me a little bit of time. I will probably have to set up a virtual to test this with since I have connected with all of my machines at one point in time.
Never mind, I set up a new Linux virtual a couple of days ago and I have not connected with it yet.
Still having the same issue. Web SSL VPN Service is showing the old expired certificate even though it doesn't look to be installed on the ASA anywhere.
If you do a show run crypto ca trustpoint:
Do you see both of them? The old one and new one?
Also do you have any certificate to profile mapping?
Running "show run crypto ca trustpoint" does indeed show the old trustpoints. I have no certificate to profile mappings.
There must have been something wonky with the certificate install. I removed and then reinstalled it and it is running fine now, although I have a lot of old trustpoints that are still shown as in use.
So, please remove those from your ASA:
no crypto ca trustpoint x.x.x.x
Do you see the actual (the one active on your ASA)?