The problem is the certificate validation has expired.
Certificate
Status: Available
Certificate Serial Number: 02
Certificate Usage: General Purpose
Public Key Type: RSA (1024 bits)
Issuer Name:
cn=IOSCA
ou=security
o=NORTEL
Subject Name:
serialNumber=123456789AB
hostname=FW0.INE.com
cn=FW0.INE.com
Validity Date:
start date: 00:58:34 UTC Mar 1 2002
end date: 00:58:34 UTC Mar 1 2003
Associated Trustpoints: MYTUST
CA Certificate
Status: Available
Certificate Serial Number: 01
Certificate Usage: Signature
Public Key Type: RSA (1024 bits)
Issuer Name:
cn=IOSCA
ou=security
o=NORTEL
Subject Name:
cn=IOSCA
ou=security
o=NORTEL
Validity Date:
start date: 00:50:23 UTC Mar 1 2002
end date: 00:50:23 UTC Feb 28 2005
Associated Trustpoints: MYTUST
The remote device connecting to SSL will error because of this even if the
root cert is installed and trusted. To fix you could adjust the clock on
your IOS CA and reissue all certs including the CA cert.
Good luck,
Roger
On Wed, Oct 14, 2009 at 3:13 PM, imran mohammed <[email protected]> wrote:
> Hi All,
>
>
> I have configured IOS CA which issues certs to ASA. I am able to install
> certificates in ASA. These certs are for the SSL VPN.
> Now when I access SSL VPN I get the certificate error, so I have installed
> the certificate into the trusted root CA. But when I
> access again I get the same error; moreover, I don't see my domain in the
> trusted root CA though I get an import successful message.
> I am doing this lab in emulation software. I am not sure where the issue is. It
> works well with Mozilla. The issue is in IE7.
>
> Here is my config
>
>
> dns server-group DefaultDNS
> domain-name INE.com
>
> http server enable
> http 10.1.1.0 255.255.255.0 inside
> no snmp-server location
> no snmp-server contact
>
> crypto ca trustpoint MYTUST
> enrollment url http://20.1.1.3:80
> fqdn FW0.INE.com
> subject-name CN=FW0.INE.com
> serial-number
> crl configure
> crypto ca certificate chain MYTUST
>
>
> !
> !
> !
> webvpn
> port 8080
> enable outside
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> FW0# sh crypto ca certificates
> Certificate
> Status: Available
> Certificate Serial Number: 02
> Certificate Usage: General Purpose
> Public Key Type: RSA (1024 bits)
> Issuer Name:
> cn=IOSCA
> ou=security
> o=NORTEL
> Subject Name:
> serialNumber=123456789AB
> hostname=FW0.INE.com
> cn=FW0.INE.com
> Validity Date:
> start date: 00:58:34 UTC Mar 1 2002
> end date: 00:58:34 UTC Mar 1 2003
> Associated Trustpoints: MYTUST
>
> CA Certificate
> Status: Available
> Certificate Serial Number: 01
> Certificate Usage: Signature
> Public Key Type: RSA (1024 bits)
> Issuer Name:
> cn=IOSCA
> ou=security
> o=NORTEL
> Subject Name:
> cn=IOSCA
> ou=security
> o=NORTEL
> Validity Date:
> start date: 00:50:23 UTC Mar 1 2002
> end date: 00:50:23 UTC Feb 28 2005
> Associated Trustpoints: MYTUST
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> IOS CA
>
> crypto pki server IOSCA
> database url flash:
> issuer-name cn=IOSCA,ou=security,o=NORTEL
> grant auto
> !
> crypto pki trustpoint IOSCA
> revocation-check crl
> rsakeypair IOSCA
>
>
> Regards
> Imran
>
>
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
>
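The validity check behind the reply above, as an added example that is not part of the thread or of any Cisco tooling: it parses the `sh crypto ca certificates` output posted in the thread and classifies each certificate's validity window against a reference time. The function names and the reference time (midnight UTC on the date of the post) are assumptions.

```python
from datetime import datetime, timezone

# "sh crypto ca certificates" output from the thread, trimmed to the parsed fields.
SAMPLE = """\
Certificate
Certificate Serial Number: 02
start date: 00:58:34 UTC Mar 1 2002
end date: 00:58:34 UTC Mar 1 2003
CA Certificate
Certificate Serial Number: 01
start date: 00:50:23 UTC Mar 1 2002
end date: 00:50:23 UTC Feb 28 2005
"""

def _when(text):
    # The output prints "00:58:34 UTC Mar 1 2002"; only UTC timestamps are handled.
    return datetime.strptime(text.strip(), "%H:%M:%S UTC %b %d %Y").replace(tzinfo=timezone.utc)

def parse_certs(output):
    """Split the CLI output into one dict per certificate block."""
    certs, cur = [], None
    for raw in output.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate e-mail quoting
        if line in ("Certificate", "CA Certificate"):
            cur = {"kind": line, "serial": None, "start": None, "end": None}
            certs.append(cur)
        elif cur is None or ":" not in line:
            continue
        else:
            key, value = line.split(":", 1)
            if key == "Certificate Serial Number":
                cur["serial"] = value.strip()
            elif key in ("start date", "end date"):
                cur[key.split()[0]] = _when(value)
    return certs

def audit(output, now):
    """Return (kind, serial, status, days since issue) for each certificate."""
    report = []
    for c in parse_certs(output):
        if c["start"] is None or c["end"] is None:
            status = "unknown"
        elif now < c["start"]:
            status = "not-yet-valid"
        elif now > c["end"]:
            status = "expired"
        else:
            status = "valid"
        age = (now - c["start"]).days if c["start"] else None
        report.append((c["kind"], c["serial"], status, age))
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE, datetime(2009, 10, 14, tzinfo=timezone.utc)):
        print(row)
```

A freshly enrolled certificate whose days-since-issue figure runs into the thousands points at the issuing CA's clock rather than at the client's trust store.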