Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASDM-IDM Launcher asking for certificate when logging in

When starting the ASDM-IDM Launcher, I'm being asked to provide a certificate before logging in:

 

The certificates it lists for me to choose from were issued by an old Active Directory Enterprise CA that is no longer in service. The ASDM launcher started prompting me for a certificate after I recently uploaded the new CA certificate that replaced the old.

We use certificates for remote VPN connectivity and that's it. I don't need the ASA to prompt for certificates when logging in to manage it. What's the best way to correct this? Should I delete the CA Certificate and associated Truspoint using the ASDM?

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

I'm not sure why it's

I'm not sure why it's prompting for certificate-based authentication.

In any case, you might try adding:

     aaa authentication http console LOCAL

...to the config.

4 REPLIES
Hall of Fame Super Silver

Can you provide the output of

Can you provide the output of "show run http"? That will show us the authentication method specified in the configuration for ASDM (which runs over https).

We would normally look for something like:

   http authentication local

or

   http authentication aaa local

(and in the latter case would also check our aaa authentication method).

New Member

show run http gives the

show run http gives the following:

http server enable
http xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx inside
http redirect outside 80

 

Doesn't give anything about authentication.

 

I do have the following line in the config:

aaa authentication ssh console LOCAL

Hall of Fame Super Silver

I'm not sure why it's

I'm not sure why it's prompting for certificate-based authentication.

In any case, you might try adding:

     aaa authentication http console LOCAL

...to the config.

New Member

I opened a ticket with Cisco

I opened a ticket with Cisco support and the technician had me run a "clear ssl" command, which seems to have fixed things.

148
Views
0
Helpful
4
Replies
CreatePlease login to create content