New Member

SSL Cert Issue

Hello,

I have configured SSL VPN on my ASA 5520 but I am getting a Cert Issue when connecting via AnyConnect. How can I correct this issue so I don't have this pop-up?


6 REPLIES

Re: SSL Cert Issue

Install a certificate signed by a CA that your client has root keys for.

Sent from Cisco Technical Support iPad App

New Member

Re: SSL Cert Issue

How would I go about doing that? Is there any documentation on this?

Thanks
Sent from Cisco Technical Support iPhone App

Bronze

SSL Cert Issue

Create a trustpoint on the ASA and self-enroll the ASA on its own trustpoint.

Import the certificate of the trustpoint on the VPN client.

It should be easy to find if you search the ASA documentation for creating a local trustpoint.

New Member

SSL Cert Issue

I did that during the configuration last night... Please see below

    crypto key generate rsa label sslvpnkeypair modulus 2048
    crypto ca trustpoint self
     enroll self
     fqdn BIHASA.cisco.com
     subject-name CN=BIHASA.cisco.com
     keypair sslvpnkeypair
    crypto ca enroll self noconfirm

    ssl trust-point self outside
    tunnel-group BiH_SSL_VPN ipsec-attributes
     trust-point self

Bronze

SSL Cert Issue

The subject in the certificate must match the VPN-server information which the clients use.

In your case it might work, if the client connects to

  BIHASA.cisco.com

(which doesn't exist)

Include the IP address as an alternate identity; this should be enough (given that the client has the root certificate imported).

Rgds, MiKa
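
The name check described in the reply above, as an added example that is not part of the original thread: it models standard certificate name matching (an assumption, not AnyConnect's own code) on a dictionary shaped like the output of Python's ssl getpeercert(). The two certificates and the address 203.0.113.10 are constructed samples; only the name BIHASA.cisco.com comes from the thread.

```python
import ipaddress

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def as_ip(value):
    """Parse an IPv4/IPv6 literal, or return None for anything else."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def cert_covers(cert, target):
    """Return (ok, reason): does the certificate identify what the client typed?"""
    sans = cert.get("subjectAltName", ())
    ip = as_ip(target)
    if ip is not None:
        # An IP target matches only an IP Address SAN, never a DNS name or the CN.
        ok = any(k == "IP Address" and as_ip(v) == ip for k, v in sans)
        return ok, "IP SAN match" if ok else "no IP SAN for %s" % target
    dns = [v for k, v in sans if k == "DNS"]
    if dns:
        ok = any(_dns_match(d, target) for d in dns)
        return ok, "DNS SAN match" if ok else "no DNS SAN for %s" % target
    # Legacy fallback: compare the subject CN when the cert carries no DNS SANs.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    ok = any(_dns_match(c, target) for c in cns)
    return ok, "CN match" if ok else "CN does not match %s" % target

# Constructed samples: the thread's certificate (CN only) and one that also
# lists the outside address as a SAN. 203.0.113.10 is a documentation address.
THREAD_CERT = {"subject": ((("commonName", "BIHASA.cisco.com"),),)}
FIXED_CERT = {"subject": ((("commonName", "BIHASA.cisco.com"),),),
              "subjectAltName": (("DNS", "BIHASA.cisco.com"),
                                 ("IP Address", "203.0.113.10"))}

if __name__ == "__main__":
    for name, cert in (("thread", THREAD_CERT), ("fixed", FIXED_CERT)):
        for target in ("BIHASA.cisco.com", "203.0.113.10"):
            print(name, target, cert_covers(cert, target))
```

A name match is only half of the check: the client must also trust the issuer, which for a self-signed certificate means importing that certificate on the client, as the earlier reply says.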

New Member

Re: SSL Cert Issue

I am not sure I understand how to do that...

Sent from Cisco Technical Support iPhone App
