No ASDM access

marcus-barros
Level 1

I have an ASA5505 with 8.2.1 firmware version and 6.2.1 ASDM version. I cannot access the firewall using HTTPS (ASDM). When I try to access it from IE, the message "The page cannot be displayed" is returned. When I try to access it from Mozilla, the message is "Fail on secure connection. Error code: ssl_error_no_cypher_overlap". I have already enabled the http server and created an access-list (http ip mask if). I believe that the issue is something about the certificate and have already tried to generate one, but the problem persists.

2 Replies

francisco_1
Level 7

Try removing the certificate, changing the hostname of the ASA to match the host name for the trustpoint/certificate, then re-creating the certificate.

I did this process again and the problem persists. I did the following process:

hostname(config)# crypto key zeroize rsa default

WARNING: The default key pair will be removed

WARNING: All device digital certificates issued using these keys will also be removed and

the associated trustpoints may not function correctly.

Do you really want to remove these keys? [yes/no]: yes

hostname(config)# show crypto key mypubkey rsa

Key pair was generated at: 12:51:49 BRST Oct 21 2009

Key name: .server

Usage: Encryption Key

Modulus Size (bits): 768

Key Data:

hex-data certificate

hostname(config)# hostname test

test(config)# crypto key generate rsa label domain modulus 1024

INFO: The name for the keys will be: domain

Keypair generation process begin. Please wait...

test(config)# show crypto key mypubkey rsa

Key pair was generated at: 12:59:15 BRST Oct 21 2009

Key name: domain

Usage: General Purpose Key

Modulus Size (bits): 1024

Key Data:

hex-data certificate

Key pair was generated at: 13:00:08 BRST Oct 21 2009

Key name: .server

Usage: Encryption Key

Modulus Size (bits): 640

Key Data:

hex-data certificate

test(config)# crypto ca trustpoint test

test(config-ca-trustpoint)# keypair domain

test(config-ca-trustpoint)# subject-name CN=test.domain

test(config-ca-trustpoint)# enrollment self

test(config)# crypto ca enroll test

% The fully-qualified domain name in the certificate will be: test.domain

% Include the device serial number in the subject name? [yes/no]: yes

Generate Self-Signed Certificate? [yes/no]: yes

test(config)# show crypto ca certificates

Certificate

Status: Available

Certificate Serial Number: hex-data certificate serial number

Certificate Usage: General Purpose

Public Key Type: RSA (1024 bits)

Issuer Name:

serialNumber=serial-number

hostname=test.domain

cn=test.domain

Subject Name:

serialNumber=serial-number

hostname=test.domain

cn=test.domain

Validity Date:

start date: 13:08:55 BRST Oct 21 2009

end date: 12:08:55 BRST Oct 19 2019

Associated Trustpoints: test

test(config)#

The message that I received in Firefox before happened when the firewall was without a certificate. Now, I received the message that it wasn't possible to open a secure connection because the security protocol is not activated, but SSL and TLS are activated in IE and Firefox. IE presents the same message as before. I have the same problem with another ASA 5505, but I also have two ASA 5510s, and this problem doesn't happen with them.
