SSL Cert Issue

Kemal Zuko
Level 1

Hello,

I have configured SSL VPN on my ASA 5520 but I am getting a cert issue when connecting via AnyConnect. How can I correct this issue so I don't have this pop-up?

ssl.png


Jeff Van Houten
Level 5

Install a certificate signed by a CA that your client has root keys for.

Sent from Cisco Technical Support iPad App

Kemal Zuko
Level 1

How would I go about doing that? Is there any documentation on this?

Thanks
Sent from Cisco Technical Support iPhone App

Create a trustpoint on the ASA and self-enroll the ASA on its own trustpoint.

Import the certificate of the trustpoint on the VPN client.

It should be easy to find if you search the ASA documentation for creating a local trustpoint.

I did that during the configuration last night... Please see below

 

crypto key generate rsa label sslvpnkeypair modulus 2048
crypto ca trustpoint self
 enroll self
 fqdn BIHASA.cisco.com
 subject-name CN=BIHASA.cisco.com
 keypair sslvpnkeypair
crypto ca enroll self noconfirm

ssl trust-point self outside
tunnel-group BiH_SSL_VPN ipsec-attributes
 trust-point self
The subject in the certificate must match the VPN-server information which the clients use.

In your case it might work, if the client connects to

  BIHASA.cisco.com

(which doesn't exist)

Include the IP address as an alternate identity; this should be enough (given that the client has the root certificate imported).

Rgds, MiKa
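Added example, not part of the thread and not Cisco code: a small Python check of the name-matching rule described in the reply above, showing why a certificate issued for BIHASA.cisco.com still triggers a warning when the client connects by IP address, and why adding the IP as an alternate identity resolves the name mismatch. The certificate dictionaries are constructed samples in the field layout of Python's `ssl.SSLSocket.getpeercert()`, the address 203.0.113.10 is a placeholder, and the matching rules are a simplified model of what TLS clients do; the client must still trust the issuing certificate, which this check does not cover.

```python
import ipaddress

def _dns_match(pattern, host):
    """Case-insensitive label match; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_matches(cert, target):
    """True if `target` (what the user types into the VPN client) is an identity in `cert`."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is only compared with iPAddress SAN entries, never with the CN.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)
    names = [v for k, v in sans if k == "DNS"]
    if not names:
        # Legacy fallback (assumption): use the subject CN when no dNSName SAN exists.
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_match(n, target) for n in names)

# Constructed sample certificates (placeholder IP from the documentation range).
SUBJECT = ((("commonName", "BIHASA.cisco.com"),),)
CERT_FQDN_ONLY = {"subject": SUBJECT,
                  "subjectAltName": (("DNS", "BIHASA.cisco.com"),)}
CERT_WITH_IP = {"subject": SUBJECT,
                "subjectAltName": (("DNS", "BIHASA.cisco.com"),
                                   ("IP Address", "203.0.113.10"))}

def report(targets=("BIHASA.cisco.com", "203.0.113.10")):
    """Return {(cert_label, target): matched} for both sample certificates."""
    certs = {"fqdn-only": CERT_FQDN_ONLY, "fqdn+ip": CERT_WITH_IP}
    return {(label, t): cert_matches(c, t) for label, c in certs.items() for t in targets}

if __name__ == "__main__":
    for (label, target), ok in report().items():
        print(f"{label:10} {target:18} {'match' if ok else 'MISMATCH -> warning'}")
```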

Kemal Zuko
Level 1

I am not sure I understand how to do that...

Sent from Cisco Technical Support iPhone App