• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3201
  • Last Modified:

Cisco ASA5510 invalid security certificate for SSL VPN

I bought and configured a certificate from Thawte but am getting invalid certificate error in the browser. The ASA previously had a self-signed certificate which I did not delete at the time. I've just zeroiz
ed it but still getting the invalid cert error. Any ideas on how to resolve?
Thanks for any help.
0
cavacamite
Asked:
cavacamite
  • 4
1 Solution
 
cavacamiteAuthor Commented:
Here is the error. Thanks.

Secure Connection Failed
vpn.sslname.com uses an invalid security certificate.
The certificate is not trusted because it is self signed.
The certificate is only valid for sslvpn.previousselfsigned.net
(Error code: sec_error_untrusted_issuer)
    * This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.

    * If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.

          Or you can add an exception&
0
 
cavacamiteAuthor Commented:
Can I remove the certificate 'no crypto ca trustpoint <trustpoint-name>' then re-authenticate and re-install the same certificate or will the "no" command require me to re-create a CSR and pay for another certificate?
Thanks.
0
 
cavacamiteAuthor Commented:
Ok... I reloaded the ASA and now get the error below. Any ideas anyone? Thanks.

Secure Connection Failed

An error occurred during a connection to vpn.sslvpn.com.
Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)
The page you are trying to view can not be shown because the authenticity of the received data could not be verified.

    * Please contact the web site owners to inform them of this problem.
0
 
cavacamiteAuthor Commented:
Issue was resolved by removing the certificate, changing the hostname of the ASA to match the host name for the trustpoint/certificate, then re-creating the certificate.
0
 
ModEErfCommented:
Text in http:#a22999709 modified as requested.

ModEErf
Experts Exchange Moderator

http://www.experts-exchange.com/Q_24804647.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now