01-18-2014 06:47 PM
Hello,
I have configured SSL VPN on my ASA 5520 but I am getting a Cert Issue when connecting via AnyConnect. How can I correct this issue so I don't have this pop up?
01-18-2014 09:51 PM
Install a certificate signed by a CA that your client has root keys for.
01-19-2014 05:56 AM
How would I go about doing that? Is there any documentation on this?
Thanks
01-19-2014 06:39 AM
Create a trustpoint on the ASA and self-enroll the ASA on its own trustpoint.
Import the certificate of the trustpoint on the VPN client.
It should be easy to find if you search the ASA documentation for creating a local trustpoint.
01-19-2014 06:50 AM
I did that during the configuration last night... Please see below
crypto key generate rsa label sslvpnkeypair modulus 2048
crypto ca trustpoint self
 enroll self
 fqdn BIHASA.cisco.com
 subject-name CN=BIHASA.cisco.com
 keypair sslvpnkeypair
crypto ca enroll self noconfirm
ssl trust-point self outside
tunnel-group BiH_SSL_VPN ipsec-attributes
 trust-point self
01-19-2014 07:36 AM
The subject in the certificate must match the VPN-server information which the clients use.
In your case it might work if the client connects to BIHASA.cisco.com (which doesn't exist).
Include the IP address as an alternate identity; this should be enough (given that the client has the root certificate imported).
Rgds, MiKa
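The name check described in the reply above, as an added example that is not part of the original thread: it compares what the user types into the VPN client (FQDN or IP) against a certificate's subjectAltName and CN. The certificate contents and the address 203.0.113.10 are constructed assumptions, the matching follows the usual TLS hostname rules rather than AnyConnect's own code, and trust in the issuing certificate is a separate check not shown here.

```python
import ipaddress

# Constructed sample data in the shape ssl.SSLSocket.getpeercert() returns.
# 203.0.113.10 is a documentation address standing in for the ASA outside IP.
CERT_AS_POSTED = {
    "subject": ((("commonName", "BIHASA.cisco.com"),),),
    "subjectAltName": (("DNS", "BIHASA.cisco.com"),),
}
CERT_WITH_IP = {
    "subject": ((("commonName", "BIHASA.cisco.com"),),),
    "subjectAltName": (("DNS", "BIHASA.cisco.com"), ("IP Address", "203.0.113.10")),
}

def _dns_match(pattern, host):
    """Case-insensitive label compare; '*' may only be the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def cert_matches_target(cert, target):
    """Return (matched, reason) for the name or IP typed into the VPN client."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target matches only "IP Address" SAN entries, never DNS names or CN.
        ok = any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)
        return (True, "IP SAN") if ok else (False, "no IP SAN for " + target)
    dns = [v for k, v in sans if k == "DNS"]
    if dns:
        ok = any(_dns_match(v, target) for v in dns)
        return (True, "DNS SAN") if ok else (False, "no DNS SAN for " + target)
    # Legacy fallback when the certificate carries no DNS SAN: compare the CN.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    ok = any(_dns_match(v, target) for v in cns)
    return (True, "subject CN") if ok else (False, "CN does not match " + target)

if __name__ == "__main__":
    for cert in (CERT_AS_POSTED, CERT_WITH_IP):
        for target in ("BIHASA.cisco.com", "203.0.113.10"):
            print(target, cert_matches_target(cert, target))
```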
01-23-2014 06:30 PM
I am not sure I understand how to do that...