With the latest Java update, there have been change in the security settings and now they are cross checking the Java code-signing cert expiration etc. With the default Java applet code-signer cert being expired, it throws up the error message. Please lower down the Java security setting to medium and add FQDN under the "Java control panel > security > exception site list."
Related to Java Code Signing certificate:
As per the changes that have been incorporated under the latest Java update about security feature related with the code signing cert, now Java is checking the certificate validity for Java Applet code singing cert and if it finds the cert to be expired then it throws the error we are seeing.
Now with ASA codes, the Java code signing cert is embedded during the development for the Webvpn, which is currently expired, and that's the reason the Java error message pops up. In order for the Java to trust it, we need to add the ASA public IP or FQDN to "Java control panel > security > exception site list."
And in order to trust it automatically, you might need to get a code signing cert from any known vendor like VeriSign, Go-Daddy, Entrust, Geo-trust, Thwate, etc ... You can have that Code signing cert installed on the ASA, and call it within the Webvpn config.
The Java code signing certificate is used only when trying to use SSL plugins to access resources , so it is expected that we wont get the error while opening webVPN homepage via browser. Also, irrespective of the plugin used, you would need to either add the IP/FQDN in trusted site or using java code signing certificate.
Thank you for the quick response.
But it's quite strange that when we go the VPN site we don't get a ssl certificate error or is this different. Apologise my knowledge on this is not very good.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...