

Cisco ASA5510 invalid security certificate for SSL VPN

Posted on 2008-11-19
Medium Priority
Last Modified: 2012-05-05
I bought and configured a certificate from Thawte but am getting an invalid certificate error in the browser. The ASA previously had a self-signed certificate which I did not delete at the time. I've just zeroized it but am still getting the invalid cert error. Any ideas on how to resolve?
Thanks for any help.
Question by:cavacamite

Author Comment

ID: 22998446
Here is the error. Thanks.

Secure Connection Failed
vpn.sslname.com uses an invalid security certificate.
The certificate is not trusted because it is self signed.
The certificate is only valid for sslvpn.previousselfsigned.net
(Error code: sec_error_untrusted_issuer)
    * This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.

    * If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.

          Or you can add an exception…

Author Comment

ID: 22998618
Can I remove the certificate 'no crypto ca trustpoint <trustpoint-name>' then re-authenticate and re-install the same certificate or will the "no" command require me to re-create a CSR and pay for another certificate?

Author Comment

ID: 22999709
Ok... I reloaded the ASA and now get the error below. Any ideas anyone? Thanks.

Secure Connection Failed

An error occurred during a connection to vpn.sslvpn.com.
Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)
The page you are trying to view can not be shown because the authenticity of the received data could not be verified.

    * Please contact the web site owners to inform them of this problem.

Accepted Solution

cavacamite earned 0 total points
ID: 23004133
Issue was resolved by removing the certificate, changing the hostname of the ASA to match the host name for the trustpoint/certificate, then re-creating the certificate.
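
A way to check which certificate the device is actually presenting and why the browser rejects it, as an added example that is not part of the original thread. The function names are hypothetical, the certificate is constructed locally, the hostnames are the placeholders from the first error message, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: classify a server certificate the way the first browser
# error in this thread does (self-signed, valid only for another name).

# make_selfsigned CN OUTFILE
# Builds a throwaway self-signed certificate (constructed sample input).
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$2.key" -out "$2" 2>/dev/null
    rm -f "$2.key"
}

# fetch_cert HOST OUTFILE
# Saves the leaf certificate a live server presents on port 443.
# Needs network access, so the demo below does not call it.
fetch_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$2"
}

# diagnose_cert PEMFILE HOSTNAME
# Prints "ok", or the findings separated by a space.
diagnose_cert() {
    pem=$1; host=$2; findings=""
    # Subject equal to issuer means the certificate is self-issued, which is
    # what a self-signed certificate looks like to the browser.
    subj=$(openssl x509 -in "$pem" -noout -subject_hash)
    iss=$(openssl x509 -in "$pem" -noout -issuer_hash)
    if [ "$subj" = "$iss" ]; then
        findings="self-signed"
    fi
    # -checkhost applies subjectAltName/CN matching to the requested name.
    if ! openssl x509 -in "$pem" -noout -checkhost "$host" |
            grep -q "does match certificate"; then
        findings="${findings:+$findings }name-mismatch"
    fi
    echo "${findings:-ok}"
}

# Demo on constructed input: the old self-signed certificate still being
# served for a different name than the one the user connects to.
tmp=$(mktemp -d)
make_selfsigned sslvpn.previousselfsigned.net "$tmp/old.pem"
diagnose_cert "$tmp/old.pem" vpn.sslname.com   # prints: self-signed name-mismatch
rm -rf "$tmp"
```

Against a live device, run `fetch_cert` first and pass the saved file to `diagnose_cert`. A CA-issued certificate whose name matches the hostname users connect to prints `ok`.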

Expert Comment

ID: 25557307
Text in http:#a22999709 modified as requested.

Experts Exchange Moderator

