Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ASA Ver 8.0 Local CA Assistance for SSL VPN

Hi all,

I am working on a project where an ASA Ver 8.0 is terminating SSL VPN Web Peers.

The setup works fine, however I am experiencing issues with certificates.

What I wanted to do was issue a certifiacte using the new Local CA found in the new code release. I have set this up, and can generate OTP's via email etc.

The user downloads and installs a certificate and this also works fine. The problem I have is an age old issue with Trust relationships.

For some reason when I attempt to connect to the SSL VPN, I pass the identity certificate phase but I am then asked for a secondary cert, which looks like a default asa one. This of course is untrusted.

My question is, why am I given a secondary certificate, having passed the identity stage ?

  • VPN