Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

WebVPN RDP Plugin and Java version compatability

Hey,

I hope you can advise me.

I can see on Cisco downloads a new version of the rep plugin exist release in January, 2014. But the ASAs version is last year and the firmware on the ASA is 8.6(1)2.

 

I was hoping updating the RDP plugin will fix the java compatibility issue as the work around at the moment is to downgrade the Java version to 40 or below as advised on ciscos bug.

https://tools.cisco.com/quickview/bug/CSCuj88114

I hope you can shed some light on this.

 

Thanks in advance.

Shibly

Please rate the post Shibly Ibrahim
Everyone's tags (3)
6 REPLIES
Cisco Employee

Hi , With the latest Java

Hi ,

 

With the latest Java update, there have been change in the security settings and now they are cross checking the Java code-signing cert expiration etc.
With the default Java applet code-signer cert being expired, it throws up the error message.
Please lower down the Java security setting to medium and add FQDN under the "Java control panel > security > exception site list."

Related to  Java Code Signing certificate:

As per the changes that have been incorporated under  the latest Java update about security feature related with the code signing cert, now Java is checking the certificate validity for Java Applet code singing cert and if it finds the cert to be expired then it throws the error we are seeing.

Now with ASA codes, the Java code signing cert is embedded during the development for the Webvpn, which is currently expired, and that's the reason the Java error message pops up.
In order for the Java to trust it, we need to add the ASA public IP or FQDN to "Java control panel > security > exception site list."

And in order to trust it automatically, you might need to get a code signing cert from any known vendor like VeriSign, Go-Daddy, Entrust, Geo-trust, Thwate, etc ...
You can have that Code signing cert installed on the ASA, and call it within the Webvpn config.

Hope this helps.

 

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Community Member

Also will uploading the

Also will uploading the latest plugin fix the issue.

Please rate the post Shibly Ibrahim
Cisco Employee

The Java code signing

The Java code signing certificate is used only when trying to use SSL plugins to access resources , so it is expected that we wont get the error while opening webVPN homepage via browser.
Also, irrespective of the plugin used, you would need to either add the IP/FQDN in trusted site or  using java code signing certificate.
 

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.
 

Community Member

Dineshwill it be ok if I

Dinesh

will it be ok if I generate a a certifate using the asa

if I do how do I apply this certificate to work with the web plugin

Please rate the post Shibly Ibrahim
Cisco Employee

Here is the link that

Here is the link that describes how you can apply code signer certificate on ASA.
https://supportforums.cisco.com/document/29171/replacing-java-code-signing-certificate-asa-55xx-vpnfirewall-appliance

For more information regarding code signing certificate, you can check the following link:-
http://www.cisco.com/c/en/us/td/docs/security/asdm/6_2/user/guide/asdmconfig/certs.html#wp1286400

Regards,
Dinesh Moudgil

P.S Please rate helpful posts.

Community Member

Hey Dinesh

Hey Dinesh Thank you for the quick response. But it's quite strange that when we go the VPN site we don't get a ssl certificate error or is this different. Apologise my knowledge on this is not very good.
Please rate the post Shibly Ibrahim
1548
Views
15
Helpful
6
Replies
CreatePlease to create content