Cisco Security :: 1841 - SSL Certificate CSR Using SH1

Feb 12, 2009

Is it possible to generate CSR using SH1 instead of md5 on Cisco 1841 for SSL VPN, because the provider that I try to use doesn't accept md5. Also tried to import there private key and got an error "Error: invalid PEM boundary"

View 4 Replies


ADVERTISEMENT

Cisco VPN :: 1841 / AnyConnect Invalid Certificate

Feb 7, 2013

I am having some problems with my AnyConnect configuration.I have configured AnyConnect (ssl vpn / webvpn) on my Cisco 1841 Router, and I can access it from a web browser and start the tunnel, then anyconnect starts up and then the problem come, because when AnyConnect is trying to connect it comes with an error saying "The certificate on the secure gateway is invalid".
 
I have read almost all of the threads in here about the problem also tried to make a new certificate, but nothing is working?
 
BTW: I am using self-signed certificate?

View 5 Replies View Related

Cisco Security :: 851 SSL CA Certificate Chain Not Available

Sep 21, 2012

I've got a Cisco 851 running IOS12.3. I'm trying to install a SSL Certificate but after following all the instructions and installing a CA certificate I'm not getting the full chain of authority in a browser just the devices certificate itself. I've repeated the installation process using individual CA certificates all up and down the chain but still the same results.

View 1 Replies View Related

Cisco Security :: Configuring SSL Certificate On ASA 5520

Jun 20, 2011

I have a SSL certificate from a third party that is showing under the Identity in ADSM, howerver the audit scan of the firewall shows that the SSL Certificate Signed with an unknown certification Authority. I have installed the Intermediate Primary and Secondary Certificate from the third party under the CA Certificate of the ADSM however when I verify the SSL certificate it still shows as self-signed. What other steps do I miss. I have attached some screenshots.

View 2 Replies View Related

Cisco Security :: Migrating Existing SSL Certificate From Win 3.2 To 4.2 ACS

Apr 15, 2011

We have the acs server which has the ssl certficate(certifcate authority) running in acs 3.2 windows version for eap-tls enduser authentication.
  
We want the same to be migrated to acs 4.2(appliance) application. I have tried in different ways to push the certificate but i couldn't.
  
I have tried Thru System Configuration --> ACS Certificate Setup --> Install ACS certificate --> Download certficate file In that i have mentioned the FTP server IP address, credentials, path and file name
 
But if i submit the request its giving the directory not found or credentials wrong.
 
In FTP logs its showing like this
 
Apr 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 PASS welcome2acsApr 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 230 User logged inApr 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 FTP: Login successfulApr 15, 2011 19:41:55 Session 4, Peer

[Code].....

View 2 Replies View Related

Cisco Security :: How To Apply 3rd Party Certificate To 1811 ISR

Sep 29, 2009

I am attempting to install a third party SSL cert (GoDaddy) to properly secure the external interface of my 1811 ISR so that I can implement SSL VPN.  I have tried using SDM 2.5, but that doesn't appear to be working.  I am familiar with doing this on a Cisco 3005 Concentrator, but I'm not aware of how to install an intermediate cert on the 1811 (or if it's even possible), in order to properly have the GoDaddy cert properly imported and used for SSL VPN. I have gone through the CSR process and have the initial cert from them generated and have imported it, but it never appears to be identified correctly if I browse to the external interface on the router.  The router always defaults to its self-signed cert.

View 1 Replies View Related

Cisco Security :: Clean Access Agent 4.0.5 Certificate

Feb 9, 2011

We have NAC 4.0.5 and windows active directory domain the clients log on to the client to access the network with their domain credentials and they used to get the "Certificate is issued from an untrusted." until I installed the url.. certificate to the local certificate store.
 
I seem to have done something on the NAC manager that messed up something, cause now the client considers the certificate issued from a trusted source, BUT a warning stating that the name on the certificate does not match the name.

View 1 Replies View Related

No Access To Some Sites - Security Certificate Expired

Jul 11, 2012

i have a problem with some sites! i cant access to them ! some sites are hotmail, this one, and many other! the msg that i see every time is : There is a problem with this website's security certificate. The security certificate presented by this website has expired or is not yet valid.

[code]...

View 4 Replies View Related

Cisco Security :: ACE20-MOD Does Not Recognize 2048 Bit Certificate As Trusted

Dec 16, 2011

I have bought and installed a 2048bit certificate from Thawte on a ACE20-MOD-K9 module. The appliance can't use it and gives the following error: "This certificate cannot be verified up to a trusted certfication authority."I have contacted Thawte about this and they suggest to install an intermediate certificate from Thawte on the module, but I can't find such a certicicate for Cisco on their site. Also I'm not sure how to go about implementing such an intermediate certificate on the ACE.

View 1 Replies View Related

Linksys Wireless Router :: WRT160Nv3 - Security Certificate Pop Up Daily With Errors

May 15, 2012

My issue occurs on ALL of my home computers (MacBook and iMac using wi-fi) and ALL of my browsers (Safari, Firefox, Chrome).The problem:- Security Certificates: They pop up daily for Facebook mostly, but also Twitter. I will click Continue, which takes me to...- 404 Error/Page Not Found Error: After the Certificate error mentioned above, this happens. Mostly to YouTube. It will stay like this for a few hours. I've cleared cache, rebooted, etc. etc. Nothing works.- Images turn into little blue boxes with a question mark in them. **When this happens, it's an indication that a Certificate box will pop up out of the blue.- Even on Google.com, it will say: Invalid URLThe requested URL "/", is invalid.Reference #9.df260e6b.1336506889.420cf4fSo what can I do? It happens on both my Macbook Pro and iMac - both connected wirelessly to a Linksys router/cable modem. The router is Wireless-N Broadband Router WRT160Nv3 with Firmware Version: v3.0.02.

View 1 Replies View Related

Cisco WAN :: 1841 DSL Line Security Config

Dec 18, 2011

I configured a 1841 router that connects to a DSL modem. This DSL connection is our Internet connection for vendor and IT testing. I have connectivity to the Internet using nat and have configured the router to act as a DHCP server. It seems to be working fine. I just want to configure some best practices for securing the device from the outside access. Is there some standard best practices I should be configuring?

View 2 Replies View Related

Cisco Security :: 1841 Router - URL Filtering Causes 100 Percent CPU Usage

Apr 7, 2013

whenever I setup URL filtering in 1841 router with policy-map type http and zone-pair command, I experience 100% CPU spike. is there any workaround?

View 1 Replies View Related

Cisco Security :: 1841 / VRF-Lite And Global Keyword In IP Route?

Sep 1, 2007

I have a 1841 with 12.4(16) IOS.In my configuration I have to interfaces for internet access, without vrf:
 
interface ATM0/0/0
dsl operating-mode auto
pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1

[code]....
 
This two interfaces are in the global route table because there is no vrf indication. These are for internet access (a simple adsl connection) Then, I have this interface in VRF named "lan123"
 
interface FastEthernet0/1.23
encapsulation dot1Q 123
ip vrf forwarding lan123
ip address 192.168.143.254 255.255.255.0
ip nat enable 
 
Now the issue.If I write:
 
ip route vrf lan123 0.0.0.0 0.0.0.0 Dialer0
 
this works and, with nat, internet works. The question is why this works without the "global" keyword? I'm going from the vrf named "lan123" routing table to global table without the using of "global" keyword.

If I try to use:

ip route vrf lan123 0.0.0.0 0.0.0.0 Dialer0 global
 
there is an error indication.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: %ASA-3-717009 / Certificate Validation Failed / Certificate Date Is Out-of-range

Jan 30, 2012

There is ASA with remote access VPN and users are authenticated using third party signed certificates (CA is not local in ASA).When user certificate expires i can see it in syslog messages. For example:
 
     %ASA-3-717009: Certificate validation failed. Certificate date is out-of-range, serial number: (...)
 
I would like to know if there is an opportunity to view user's certificate expiry date beforehand, say, 3 days before?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ISE 1.1.1 Don't Have Certificate Authority Certificate Anymore?

Oct 19, 2012

i am working on ISE 1.1.1, surprisingly i couldn't found certificate authority certifiate at certificate operation anymore.
 
would it be the change on GUI? So now where i can import the CA certificate to ISE?

View 5 Replies View Related

Cisco Security :: Finding Security Labs For GNS3 Or Packet Tracer?

Dec 19, 2011

I'm studying for CCNA Sec exam and looking for any security labs for GNS3 or Packet Tracer.

View 3 Replies View Related

Cisco Security :: Configure 802.1X Security Through ACS 1120 Server And NAC In Layer 2 Inband Virtual Gateway?

Feb 28, 2011

My company ordered NAC and ACS 1120 My question is Can i configure 802.1X security through ACS server and NAC in layer 2 Inband Virtual Gateway.for campus switches.Is it the good design to have double security for switch ports. 1st is 802.1X and 2nd is NAC in layer 2 INBAND VG?

View 1 Replies View Related

Cisco Security :: How Many Default Context In ASA 5510 Security Plus Edition

Aug 8, 2006

ASA 5510 security plus edition will it support active/active failover. and does it support context with securiyt plsu edition. and how many default context do we get with asa 5510 security plus edition.

View 3 Replies View Related

Cisco :: Can LMS 4.0 Use CA Certificate Instead Of Self-signed

Apr 4, 2012

I've been reading over the documentation, but only see instructions for using a self-signed certificate for SSL.  Or even trusted certificates between LMSes.  But I can't seem to find anything on LMS 4.0 using a Certificate Authority.  And I have a security requirement to do so.
 
Is this possible in LMS 4.0?

View 3 Replies View Related

Cisco VPN :: ASA 5510 SSL Certificate?

Dec 12, 2012

It appears we had a vendor setup an SSL certificate for our vpn. I see it under the ASDM on configuration -> device management -> Certificate management -> identity Certificates
 
there is the certificate there and I also see it pointing to the outside under configuration -> device management -> advanced -> ssl settings and under outside the primary enrolled cert is the ssl cert.
 
only thing i can see which may be incorrect is if i look at the cert details under indentity certificates and select issued to the url says http not https..

View 3 Replies View Related

Cisco VPN :: ASA 5510 - SSL VPN Certificate

Oct 8, 2012

I'm currently dealing with a problem related to the integration between the a Cisco ASA 5510 and an AD Microsoft CA on a windows2008R2. I'm basically trying to enroll the ASA in the CA and get a certificate for the ASA to use for SSL VPNs. I'm using SCEP enrollment and I've set up NDEP on the Win2008 CA.

Everything seems to be working just fine and I get the certificate but If I assign it to the interface, first the client receives a warning and then a blank page is shown (everything works just fine with the ASA self-signed certificate). The problem looks like to be related to the purpose of the keys (key usage field) which is not Server authentication. The certificate is automatically generated using the IP Sec (offline) template.

View 3 Replies View Related

Linksys WRT610N Wireless System With WPA-PSK Security / Security Settings Does Not Match

Mar 29, 2012

I have a Linksys WRT610N wireless system with WPA-PSK security and this works fine with several computers but now one computer detects the wireless security as WEP and can thus not connect to the router. I have tried to manually connect to the router with correct security WPA-Personal (TKIP) and correct password but then the computer says "settings saved on this computer for the network do not match the requirements of the network".How can I get the computer to detect the correct security? The computer is running Windows 7 home premium.

View 7 Replies View Related

Security / Firewalls :: FCC Is Investigating Pogo Game Site Because Of Poor Security

Mar 24, 2013

Is it true that the FCC is investigating the Pogo game site because of poor security? Is Java the cause of this problem?I'm very leery of getting on the Pogo site because I've been told that my computer could get a virus and crash.

View 1 Replies View Related

Security / Firewalls :: Sonicwall Network Security Appliance - Receiving A Content Blocked Message?

Dec 24, 2011

I'm new to IT, and have been put in charge of managing our servers hile my boss is on vacation.We currently have a Sonicwall Network Security Appliance that handles our Firewall/VPN and have web content filtering set in place.I have a user who belongs to 2 CFS policy groups that we have set up. I've double checked with Active Directory, and he is a member of both groups.

This person SHOULD have access to Job searches/ and Restaurants,but receives a "content blocked" message on his browser.It appears to me that the settings in Sonicwall are correct, as well with AD member groups.

View 3 Replies View Related

Cisco VPN :: Certificate Re-enroll On 3002?

Oct 18, 2011

We are trying to re-enroll our certificates that are expiring today and all goes well until we actually try and install the newly generated cert and it it tells us that we cannot install the cert until the old cert is deleted. When we try and delete the existing cert, it tells us that it is currently in use and cannot be deleted. How can we re-enroll these certs without breaking the tunnel essentially kicking us out of the device?

View 0 Replies View Related

Cisco :: Certificate Signing Request For ACS 5.3?

Jan 27, 2013

In order to authenticate wireless users with EAP-TLS or PEAP-MSCHAPv2, what should I select the key length and digest to sign with? 2048 and SHA256 combination should work?

View 9 Replies View Related

Cisco WAN :: 2800 Router Certificate Key For SSH

Sep 19, 2011

I am operating a 2800 series Cisco router.  The router is working fine  except that I am not able to SSH into the router.  I have checked the  running config with cisco's documentation and every line is correct.   Prior to me getting this job they did an update and think they have  corrupted the a certificate key for SSH.
 
Any command to generate just the SSH key  and not all the other keys that would cause bigger connection issues.

View 1 Replies View Related

Cisco VPN :: 5510 - SSL VPN Certificate Authentication

Aug 1, 2012

I'm changing SSL VPN from aaa authentication to both aaa and certs, Server 08 CA, 8.2 ASA 5510, ssl client 2.5.1025 and Windows 7 users. My question is what should be the template of the id cert that I receive from CA. ,

View 16 Replies View Related

Cisco :: Certificate Authentication At WLC 4402

Jan 18, 2012

we  are using Cisco Aironet 1130 AG and a Cisco 4402 WLC in our network. The certificate service is installed on a Windows 2008 R2 server. We use a standalone Root CA with a Enterprise Sub CA hierarchy. Issueing certificates to clients works fine. The vendor and ca certificates are installed on the WLC and the user have his user certificate. During implementation we used following document: url... Instead of Anonymous Bind, we use a service user to read in AD (works fine, too).
 
We use the Intel/PRO wireless utility on our Testclient and configured it for EAP-FAST and TLS. We can select the installed certificate in the utility, but when we try to connect, the utility throw the message: "Authentication failed due to an invalid certificate".We´ve logged the WLC and thats a part of the logfile (i´ve greyed out all enterprise data): [code]

View 3 Replies View Related

Cisco VPN :: Renewing Certificate On ASA 5510

Apr 9, 2013

I have an ASA 5510 Try to add a new certifcate to the exsiting trustpoint or create a new trustpoint and migrate my VPNs over to that.

View 1 Replies View Related

Cisco :: ACS 5.3 Certificate VLAN AD Mapping

Jul 25, 2012

we have ACS 5.3 and 1042 AP. So we need to authenticate client based on user certificate, and after that to put the client in specific VLAN based on membership in Active Directory group.
 
Is it possible to do that? We can not solve the problem of identity store, once the user is authenticated based on regular certificate, we need to authorize the same user based on the specific attribute from AD.

View 1 Replies View Related

Cisco VPN :: Anyconnect 3.1 Certificate Authentication

Dec 20, 2012

I am doing a proof of concept with anyconnect and certificate authentication. with 3.0 i was able to do this with a certificate from my CA and a client cert in a smartcard. I have upgraded to 3.1 and now it doesnt work anymore ( i need 3.1 and Asa 9.0 because of IPv6 Split-tunneling).Reading the forum i got some info that the ASA cert must have a EKU value of 'Server Authentication' and the client cert must have a similar EKU (client Auth)

View 4 Replies View Related

Cisco VPN :: How To Import SSL Certificate To ASA 5510

Jun 3, 2012

Do you know the procedure of import SSL certificate from Godaddy to ASA 5510? attached is the drop-down list that I have to choose from.

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved