Issues installing signed certificates into ASA 5510

joerggrau
Level 1

I am running Cisco Adaptive Security Appliance Software Version 8.3(2) Device Manager Version 6.4(1). This will be used as a VPN gateway. I am having trouble installing our cert. I can install the cert, but it never connects with the correct key. It references trustpoint0 when it is trustpoint1. I deleted all trustpoints and it still happens. I could use some help with that.

vpngw4# sh run | begin rust
crypto ca trustpoint ASDM_TrustPoint0
crl configure
crypto ca trustpoint ASDM_TrustPoint1
keypair ASDM_TrustPoint0
crl configure
crypto ca certificate chain ASDM_TrustPoint1
certificate 0f8e62
    308203d5 ....... 8c
  quit


I deleted both trust points and when I do a sh run both are gone, but when I then import the cert (via ASDM) it creates trustpoint0 again.

The result is that when I connect to the box via WebVPN it gives me a certificate error.


Thanks

Joerg

3 Replies

Julio Carvajal
VIP Alumni

Hello,

So I can see you can import the certificate, but the certificate used by the ASA is not the one you need, right?

If that is the issue, you can configure on the ASA which certificate will be used for WebVPN sessions:

On the CLI:

ssl trust-point ASDM_TrustPoint0 outside

Then you will use the certificate you just imported.

If I misunderstood the question just let me know, I will be more than glad to help.

Regards.

Do rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Julio,

I tried this and I still get a certificate error. I *think* my issue is that the cert imported in trustpoint1 references the key of trustpoint0. But I am not quite sure.

Hello Joe,

I mean when you configure the trustpoint you have the option to choose the proper key!

Can you do a debug webvpn while you attempt to connect?

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
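
The trustpoint layout discussed in this thread can be checked offline. The following Python script is an added example, not code from the thread or from Cisco: it parses the trustpoint lines of a saved running-config and reports which trustpoint holds the identity certificate and which one `ssl trust-point` binds. The sample config is constructed from the excerpt in the question plus the command from the first reply, and the function names are hypothetical.

```python
import re

# Constructed sample: the excerpt from the question plus the command from the
# first reply, as they would sit together in one running-config.
SAMPLE_CONFIG = """\
crypto ca trustpoint ASDM_TrustPoint0
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 keypair ASDM_TrustPoint0
 crl configure
crypto ca certificate chain ASDM_TrustPoint1
 certificate 0f8e62
    308203d5 ....... 8c
  quit
ssl trust-point ASDM_TrustPoint0 outside
"""

def entry(tps, name):
    """Return the record for a trustpoint, creating it on first sight."""
    return tps.setdefault(name, {"keypair": None, "certs": [], "ssl": []})

def parse_trustpoints(config):
    """Map trustpoint name -> keypair label, identity cert serials, SSL bindings."""
    tps, section = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"crypto ca (trustpoint|certificate chain) (\S+)$", line):
            section = (m.group(1), m.group(2))
            entry(tps, m.group(2))
        elif m := re.match(r"ssl trust-point (\S+)(?: (\S+))?$", line):
            section = None
            entry(tps, m.group(1))["ssl"].append(m.group(2) or "no interface given")
        elif section and section[0] == "trustpoint" and line.startswith("keypair "):
            tps[section[1]]["keypair"] = line.split()[1]
        elif section and section[0] == "certificate chain":
            # "certificate <serial>" is an identity cert; "certificate ca ..." is skipped
            if m := re.match(r"certificate ([0-9a-fA-F]+)$", line):
                tps[section[1]]["certs"].append(m.group(1))
    return tps

def audit(tps):
    """Return findings on where the certificate lives versus what SSL presents."""
    findings = []
    for name, tp in sorted(tps.items()):
        if tp["ssl"] and not tp["certs"]:
            findings.append(f"{name}: bound to SSL ({', '.join(tp['ssl'])}) but holds no identity certificate")
        if tp["certs"] and not tp["ssl"]:
            findings.append(f"{name}: holds certificate {tp['certs'][0]} (keypair {tp['keypair']}) but no ssl trust-point line uses it")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_trustpoints(SAMPLE_CONFIG))))
```

On the constructed sample it reports that ASDM_TrustPoint0 is bound to the outside interface without a certificate, while the imported certificate sits unused in ASDM_TrustPoint1.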