Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

certificate question

This is probably more of an annoyance than a technical issue. Every time I start up PDM on my new 501 I get dialog boxes telling me my certifictes don't match. A couple I was able to "hide" by checking a "don't show again" button but one won't go away. The actual message is "The name of the site does not match the name on the certificate. Do you want to run the app?"

I don't know what the mismatches actually mean but the certificates must have been included for some reason so why wouldn't they "work". I'm a little concerned that they might be used as some part of the overall security well being of the 501 so I would like to know what they actually do, where the mismatch is coming from, and if it's possible to fix it.

thanks for any feedback

2 REPLIES

Re: certificate question

Certificates are a method of Authentication and Verification. When you recieve a certificate from a website it is signed with the hostname and domain name. If that hostname and domain name combination is not what you have typed into your browser, your browser questions the authenticity of that certificate.

To make your issues go away about connecting to your pix you would have to add a dns record or at least a host record on your hosts table specifying the same website as in the certificate your pix is issues. Example.

The hostname of my pix might be pix, where as your domain might me somewhere.com You would then type this into your web browser as https://pix.somewhere.com

To setup your pix to use the above info use the following commands

hostname pix

domain-name somewhere.com

ca zeroize rsa

ca generate rsa key 1024

ca save all

This would then recreate an rsa cert that is signed using the pix.somewhere.com host and domain name.

So now either you would add pix.somewhere.com to your dns or add it in your locl pc's hosts file associated to the appropriate ip address and then you should be able to connect to your PDM using pix.somewhere.com and not get the annoyance anymore.

Hope this helps.

Patrick

New Member

Re: certificate question

Thanks...so stated that even I could understand it and things are now working the way I would expect.

269
Views
10
Helpful
2
Replies