Cisco ASA5510 invalid security certificate for SSL VPN

Posted on 2008-11-19
Last Modified: 2012-05-05
I bought and configured a certificate from Thawte but am getting an invalid certificate error in the browser. The ASA previously had a self-signed certificate which I did not delete at the time. I've just zeroized it but am still getting the invalid cert error. Any ideas on how to resolve?
Thanks for any help.
Question by:cavacamite

    Author Comment

    Here is the error. Thanks.

    Secure Connection Failed uses an invalid security certificate.
    The certificate is not trusted because it is self signed.
    The certificate is only valid for
    (Error code: sec_error_untrusted_issuer)
        * This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.

        * If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.

              Or you can add an exception…

    Author Comment

    Can I remove the certificate 'no crypto ca trustpoint <trustpoint-name>' then re-authenticate and re-install the same certificate or will the "no" command require me to re-create a CSR and pay for another certificate?

    Author Comment

    Ok... I reloaded the ASA and now get the error below. Any ideas anyone? Thanks.

    Secure Connection Failed

    An error occurred during a connection to
    Cannot communicate securely with peer: no common encryption algorithm(s).

    (Error code: ssl_error_no_cypher_overlap)
    The page you are trying to view can not be shown because the authenticity of the received data could not be verified.

        * Please contact the web site owners to inform them of this problem.

    Accepted Solution

    Issue was resolved by removing the certificate, changing the hostname of the ASA to match the host name for the trustpoint/certificate, then re-creating the certificate.
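
The two certificate faults in this thread (a self-signed certificate still being presented, and a certificate name that does not match the host name) can be told apart from the certificate's own fields. The following is an added example, not part of the original thread: it assumes certificates given as dicts in the layout of Python's `ssl.SSLSocket.getpeercert()`, and every host name and CA name in it is a constructed placeholder.

```python
# Added example: classify the certificate faults discussed in this thread.
# Certificates are dicts in the layout of ssl.SSLSocket.getpeercert().

def cert_names(cert):
    """DNS names the certificate covers: subjectAltName first, else subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a '*' that stands for exactly one left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(cert, host):
    """List the problems a client connecting to `host` would hit."""
    problems = []
    # Issuer equal to subject: the certificate vouches for itself.
    if cert.get("issuer") == cert.get("subject"):
        problems.append("self-signed")
    if not any(name_matches(n, host) for n in cert_names(cert)):
        problems.append("name-mismatch")
    return problems

def make_cert(cn, issuer_cn, sans=()):
    """Build a constructed sample certificate dict."""
    return {"subject": ((("commonName", cn),),),
            "issuer": ((("commonName", issuer_cn),),),
            "subjectAltName": tuple(("DNS", s) for s in sans)}

# Constructed samples: all names below are placeholders, not from the thread.
LEFTOVER_SELF_SIGNED = make_cert("ciscoasa", "ciscoasa")
CA_ISSUED = make_cert("vpn.example.com", "Example Issuing CA", ["vpn.example.com"])

if __name__ == "__main__":
    for label, cert, host in [
        ("leftover self-signed", LEFTOVER_SELF_SIGNED, "vpn.example.com"),
        ("CA cert, other host name", CA_ISSUED, "asa.example.com"),
        ("CA cert, matching name", CA_ISSUED, "vpn.example.com"),
    ]:
        print(f"{label}: {diagnose(cert, host) or 'ok'}")
```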

    Expert Comment

    Text in http:#a22999709 modified as requested.

    Experts Exchange Moderator
