10-20-2009 04:57 AM - edited 03-11-2019 09:28 AM
I have an ASA5505 with 8.2.1 firmware version and 6.2.1 ASDM version. I cannot access the firewall using HTTPS (ASDM). When I try to access it from IE, the message "The page cannot be displayed" is returned. When I try to access it from Mozilla, the message "Fail on secure connection. Error code: ssl_error_no_cypher_overlap" is returned. I have already enabled the http server and created an access-list (http ip mask if). I believe that the issue is something about the certificate and I have already tried to generate one, but the problem persists.
10-20-2009 05:41 AM
Try removing the certificate, changing the hostname of the ASA to match the host name for the trustpoint/certificate, then re-creating the certificate.
10-21-2009 07:33 AM
I did this process again and the problem persists. I did the following process:
hostname(config)# crypto key zeroize rsa default
WARNING: The default key pair will be removed
WARNING: All device digital certificates issued using these keys will also be removed and
the associated trustpoints may not function correctly.
Do you really want to remove these keys? [yes/no]: yes
hostname(config)# show crypto key mypubkey rsa
Key pair was generated at: 12:51:49 BRST Oct 21 2009
Key name:
Usage: Encryption Key
Modulus Size (bits): 768
Key Data:
hex-data certificate
hostname(config)# hostname test
test(config)# crypto key generate rsa label domain modulus 1024
INFO: The name for the keys will be: domain
Keypair generation process begin. Please wait...
test(config)# show crypto key mypubkey rsa
Key pair was generated at: 12:59:15 BRST Oct 21 2009
Key name: domain
Usage: General Purpose Key
Modulus Size (bits): 1024
Key Data:
hex-data certificate
Key pair was generated at: 13:00:08 BRST Oct 21 2009
Key name:
Usage: Encryption Key
Modulus Size (bits): 640
Key Data:
hex-data certificate
test(config)# crypto ca trustpoint test
test(config-ca-trustpoint)# keypair domain
test(config-ca-trustpoint)# subject-name CN=test.domain
test(config-ca-trustpoint)# enrollment self
test(config)# crypto ca enroll test
% The fully-qualified domain name in the certificate will be: test.domain
% Include the device serial number in the subject name? [yes/no]: yes
Generate Self-Signed Certificate? [yes/no]: yes
test(config)# show crypto ca certificates
Certificate
Status: Available
Certificate Serial Number: hex-data certificate serial number
Certificate Usage: General Purpose
Public Key Type: RSA (1024 bits)
Issuer Name:
serialNumber=serial-number
hostname=test.domain
cn=test.domain
Subject Name:
serialNumber=serial-number
hostname=test.domain
cn=test.domain
Validity Date:
start date: 13:08:55 BRST Oct 21 2009
end date: 12:08:55 BRST Oct 19 2019
Associated Trustpoints: test
test(config)#
The message that I received in Firefox before happened when the firewall was without a certificate. Now I receive a message that it wasn't possible to open a secure connection because the security protocol is not activated, but SSL and TLS are activated in IE and Firefox. IE presents the same message as before. I have the same problem with another ASA 5505, but I also have two ASA 5510s, and this problem doesn't happen with them.
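The key listings pasted in the post above show 640-, 768- and 1024-bit RSA moduli. As an added example (not part of the original thread), this Python script parses `show crypto key mypubkey rsa` output in that layout and lists key pairs below a minimum modulus size; the function names and the 2048-bit default threshold are assumptions, and the sample text is constructed.

```python
import re
# Constructed sample in the layout pasted in the thread (key data elided).
SAMPLE = """\
Key pair was generated at: 12:59:15 BRST Oct 21 2009
Key name: domain
Usage: General Purpose Key
Modulus Size (bits): 1024
Key Data:
hex-data
Key pair was generated at: 13:00:08 BRST Oct 21 2009
Key name:
Usage: Encryption Key
Modulus Size (bits): 640
Key Data:
hex-data
"""

FIELDS = {
    "generated": re.compile(r"^Key pair was generated at:\s*(.*)$"),
    "name": re.compile(r"^Key name:\s*(.*)$"),
    "usage": re.compile(r"^Usage:\s*(.*)$"),
    "bits": re.compile(r"^Modulus Size \(bits\):\s*(\d+)\s*$"),
}

def parse_key_pairs(text):
    """Split the listing into one dict per key pair; other lines are ignored."""
    pairs = []
    for line in text.splitlines():
        for field, pattern in FIELDS.items():
            m = pattern.match(line.strip())
            if not m:
                continue
            if field == "generated":
                pairs.append({})          # each record starts with this line
            if pairs:
                value = m.group(1).strip()
                pairs[-1][field] = int(value) if field == "bits" else value
            break
    return pairs

def weak_keys(text, min_bits=2048):
    """Return (name, usage, bits) for key pairs below min_bits (assumed policy)."""
    return [(p.get("name") or "<unnamed>", p.get("usage", "?"), p["bits"])
            for p in parse_key_pairs(text) if p.get("bits", min_bits) < min_bits]

if __name__ == "__main__":
    for name, usage, bits in weak_keys(SAMPLE):
        print(f"{name}: {usage}, {bits}-bit modulus is below policy")
```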