Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member



im sort of at my wits end, ive spent most of the after noon trying to work this out - I got hold of an old pix 501, running following:

Hardware:   PIX-501, 16 MB RAM, CPU Am5x86 133 MHz

Flash E28F640J3 @ 0x3000000, 8MB

BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 001d.4521.a06f, irq 9

1: ethernet1: address is 001d.4521.a070, irq 10

Licensed Features:

Failover:                    Disabled

VPN-DES:                     Enabled

VPN-3DES-AES:                Enabled

Maximum Physical Interfaces: 2

Maximum Interfaces:          2

Cut-through Proxy:           Enabled

Guards:                      Enabled

URL-filtering:               Enabled

Inside Hosts:                10

Throughput:                  Unlimited

IKE peers:                   10

This PIX has a Restricted (R) license.

Serial Number: 907381129 (0x36158989)

Running Activation Key: 0x6e9eef0d 0x39fc65c5 0x12491b66 0x1be8afaf

Configuration has not been modified since last system restart.

Everytime i try and start the PDM, i get the error that there is a hostname mismatch with certificates.

Now i've tried the following:

1) 5 differant versions of java, from 1.5 and under.

2) Tried delating the key on the router and re-createing it.

Ive been all over the internet checking out lots of other people who had this problem and it seems to relate to java or the cetificates, but i still cant get this working...has anyone got any suggestions ?

Im not a company so dont have a CCO login to maybe uprage the IOS and PDM...I'm more than happy to try and configure things via command line...i just cant stand it when i cant work out why its not working.....

Everyone's tags (2)


Hi Bro

As long as your config looks like this, this is not a FW problem. Perhaps, it could be your PC. Have you tried with another PC, to see if this works fine? I suspect this has something to do with your browser's cookies etc.

asdm image flash:/asdm
asdm history enable

http server enable
http inside


hostname FW01


Try this as well;

ca zeroize rsa

ca generate rsa key 768 <-- 1024 and above seems to have compatiblity issue with some browsers.

ca save all

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
VIP Purple


The error-message in question comes when you connect to your pix with a different hostname then what is in the certificate. If you only have the IP-address in the certificate, then you have to use If you have used a hostname or FQDN, then you have to use that: https://pixfirewall or https://pixfirewall.yourdomain.local. Just change the IP or the names to what you have on your PIX. If you have a name in your certificate you also need to make sure that the name resolves to the correct IP-address.

If you don't know what's in the certificate, I think the command on this plattform was also "show crypto ca certificate". There you need to look at the field "subject".

Sent from Cisco Technical Support iPad App

CreatePlease to create content