Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1448
Views
0
Helpful
4
Replies

ASDM-IDM Launcher asking for certificate when logging in

Go to solution
Shaun Michelson
Level 1
Level 1

‎08-04-2014 08:50 AM - edited ‎03-10-2019 12:16 AM

When starting the ASDM-IDM Launcher, I'm being asked to provide a certificate before logging in:

 

The certificates it lists for me to choose from were issued by an old Active Directory Enterprise CA that is no longer in service. The ASDM launcher started prompting me for a certificate after I recently uploaded the new CA certificate that replaced the old.

We use certificates for remote VPN connectivity and that's it. I don't need the ASA to prompt for certificates when logging in to manage it. What's the best way to correct this? Should I delete the CA Certificate and associated Truspoint using the ASDM?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Shaun Michelson

‎08-06-2014 06:49 PM

I'm not sure why it's prompting for certificate-based authentication.

In any case, you might try adding:

     aaa authentication http console LOCAL

...to the config.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-05-2014 01:38 PM

Can you provide the output of "show run http"? That will show us the authentication method specified in the configuration for ASDM (which runs over https).

We would normally look for something like:

   http authentication local

or

   http authentication aaa local

(and in the latter case would also check our aaa authentication method).

0 Helpful

Go to solution
Shaun Michelson
Level 1
Level 1
In response to Marvin Rhoads

‎08-06-2014 07:13 AM

show run http gives the following:

http server enable
http xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx inside
http redirect outside 80

 

Doesn't give anything about authentication.

 

I do have the following line in the config:

aaa authentication ssh console LOCAL

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Shaun Michelson

‎08-06-2014 06:49 PM

I'm not sure why it's prompting for certificate-based authentication.

In any case, you might try adding:

     aaa authentication http console LOCAL

...to the config.

0 Helpful

Go to solution
Shaun Michelson
Level 1
Level 1
In response to Marvin Rhoads

‎08-18-2014 11:02 AM

I opened a ticket with Cisco support and the technician had me run a "clear ssl" command, which seems to have fixed things.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents