ASA Crypto
Updated TLS cert on an ASA used for anyconnect and assigned it to interfaces- but users are presented with angry red "insecure site" warning on expiration day.
Thats because ASA is a salty bitch and keeps using the old cert for IKEv2
To correct the issue
#no crypto ikev2 remote-access trustpoint ASDM_TrustPoint4 (Old Expired certificate)
#crypto ikev2 remote-access trustpoint ASDM_TrustPoint0 (New trustpoint for new certificate)
Now the new certificate is applied to ikev2
verify:
sh run | in ASDM_TrustPoint0
crypto ca trustpoint ASDM_TrustPoint0
crypto ca certificate chain ASDM_TrustPoint0
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
ssl trust-point ASDM_TrustPoint0 outside
No Comments