
SSL WebVPN "Failed to validate server certificate" - cannot access https sites

Hi,

I've set up a WebVPN to access the configuration interface of IP phones (Aastra) from outside the LAN. The WebVPN is working fine as long as the IP phones accept HTTP connections, but if I enable HTTPS only (required for security reasons), I can't connect. WebVPN says:

Certificate Error - Failed to validate server certificate

when trying to connect to the phones.

I've googled a lot, but there seem to be no configuration options to accept all certificates without validation? Is there any way to import the certificate of the Aastra IP phones?

WebVPN-related running-config is:

crypto pki trustpoint TP-self-signed-710886393
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-710886393
 revocation-check none
 rsakeypair TP-self-signed-710886393
!
crypto pki certificate chain TP-self-signed-710886393
 certificate self-signed 01
! [...]
!
webvpn gateway wgw_webvpn
 ip address [...] port 443
 http-redirect port 80
 ssl trustpoint TP-self-signed-710886393
 inservice
 !
webvpn context wc_webvpn
 ssl authenticate verify all
 !
 policy group pg_webvpn
 default-group-policy pg_webvpn
 gateway wgw_webvpn
 max-users 2
 inservice

I'm running IOS 150-1.M9 on a Cisco 1812 router in my lab. I can test with a newer router or IOS if required.

Any help is appreciated!

Jens
