Need help with attention not approved VPN server certificates.

I've been on the many other posts about it, and they all seem a bit different, so I started my own thread.

I was sent to my users via the ASA AnyConnect 3.1.02026, and we all get the warning of the Cert of untrusted when connecting VPN server.

When the ASA deploys the client, it puts the external IP of the SAA as the host name, which causes the error.

So I have two questions: 1. How can I get the ASA to make host name "vpn.cfo.com" when a user installs the client and 2. How can I change my cert so that it does not show the internal name of the ASA and use 'vpn.cfo.com' instead?

Here are all the news that everyone should not (I) help to think

SSL-trust ASDM_TrustPoint0 OUTSIDE_PRIMARY point

Certificate

Status: available

Of the certificate number:

Use of certificates: Signature

Public key type: RSA (1024 bits)

Signature algorithm: SHA1 with RSA encryption

Name of the issuer:

hostname = ambossfw01.cfopub .net

CN = ambossfw01

Name of the object:

hostname = ambossfw01.cfopub .net

CN = ambossfw01

Validity date:

start date: 15:17:42 EDT June 2, 2011

end date: 15:17:42 EDT May 30, 2021

Trustpoints Associates: ASDM_TrustPoint0

CA

Status: available

Of the certificate number:

Certificate use: general use

Public Key Type: RSA (2048 bits)

Signature algorithm: SHA1 with RSA encryption

Name of the issuer:

CN = VeriSign Class 3 Public Primary Certification Authority - G5

or = (c) 2006 VeriSign\, Inc. - authorized only use

OU = VeriSign Trust Network

o = VeriSign\, Inc.

c = US

Name of the object:

CN = VeriSign Class 3 Secure Server CA - G3

OU = terms of use at https://www.verisign.com/rpa (c) 10

OU = VeriSign Trust Network

o = VeriSign\, Inc.

c = US

OCSP AIA:

URL: http://ocsp.verisign.com

CRL Distribution points:

[1] http://crl.verisign.com/pca3-g5.crl

Validity date:

start date: 19:00:00 EST February 7, 2010

end date: 18:59:59 EST February 7, 2020

Trustpoints Associates: _SmartCallHome_ServerCA

Any help would be greatly appreciated.

Advertisement

Hello

Cisco has made a strict checking of KU and EKU in recent versions of AnyConnect, which leads to the warning you got.

To my knowledge, if you go to 3.1.00495, you will not get this warning, if not, you need to get the valid KU and EKU fields in your certificate of ASA.

To use specific trustpoint, please check the 'truspoint ssl' command in global configuration mode.

Mashal

Tags: Cisco Security

Similar Questions

  • Need help with configuration on cisco vpn client settings 1941

    Hey all,.

    I just bought a new router 1941 SRI and need help with the configuration of the parameters of the VPN client. Orders aspect a little different here, as I'm used to the configuration of ASA and PIX for vpn, routers not...

    If anyone can help with orders?

    I need the installation:

    user names, authentication group etc.

    Thank you!

    Take a peek inside has the below examples of config - everything you need: -.

    http://www.Cisco.com/en/us/products/ps5854/prod_configuration_examples_list.html

    HTH >

    Andrew.

  • Need help with permissions of folder in Server 2008 r2

    I have a windows domain and use roaming profiles for our students.

    Student profiles server is a 2008 r2 box.  I have a folder created on the root of drive called profiles, and the permissions are set as follows:
    inheritance is turned off
    Tech - total control (no matter who in the Technology Department)
    teachers - full control (all teachers have access to all the files of the student)
    control system - total
    domain user - of special permissions (this was defined by windows not me)
    inside this folder, I have 2 folders.  one called data and one called roam.  Each of these files has turned on inheritance and the show the same permissions as the folder parent.  Inside the data folder is where each student has a folder (named by ID) with their my documents folder, desktop etc folder.  the roaming folder also contains student folders (named by id) that contains the appDat file and the ntuser.dat etc files (everything is copied to the local computer when connecting)
    Folders that are created inside these files are supposed to get all the permissions of the parent folder but also give the student change your permission on the folder and its contents.
    I recently renamed the homelessness file and created a new folder of homelessness as described above.  student records begin to be created inside however, some of them have the correct permission settings, some list only the student and administrator (inheritance is disabled) and some are created where I have no access to the folder at all until I have take ownership of the file, after which the administrator is the only user with permissions for the folder and the contents.
    I have 6000 student accounts.  Is it possible to write a vb script that would change the permissions on these folders at once instead of changing each one individually.
    What I need, is to ask the administrator appropriating all the files and folders, and then change the properties of legacy on all files and folders, add the student to their folder with change permission, and change the owner of every folder and contents back to the ID of the folder name.
    Any help would be GREATLY appreciated!  In the end, I'd be delighted if records were created just correctly and does not need to do anything.  It worked very well under windows XP, but since we moved to windows 7, it has been a nightmare!  I got a box to open with Microsoft and that they could not obtain records to create with the correct permissions and the case was closed after 2 weeks or try different things.  The idea of scenario is mine, but I don't know where to start to create.

    I have a windows domain and use roaming profiles for our students.

    Student profiles server is a 2008 r2 box.  I have a folder created on the root of drive called profiles, and the permissions are set as follows:
    inheritance is turned off
    Tech - total control (no matter who in the Technology Department)
    teachers - full control (all teachers have access to all the files of the student)
    control system - total
    domain user - of special permissions (this was defined by windows not me)
    inside this folder, I have 2 folders.  one called data and one called roam.  Each of these files has turned on inheritance and the show the same permissions as the folder parent.  Inside the data folder is where each student has a folder (named by ID) with their my documents folder, desktop etc folder.  the roaming folder also contains student folders (named by id) that contains the appDat file and the ntuser.dat etc files (everything is copied to the local computer when connecting)
    Folders that are created inside these files are supposed to get all the permissions of the parent folder but also give the student change your permission on the folder and its contents.
    I recently renamed the homelessness file and created a new folder of homelessness as described above.  student records begin to be created inside however, some of them have the correct permission settings, some list only the student and administrator (inheritance is disabled) and some are created where I have no access to the folder at all until I have take ownership of the file, after which the administrator is the only user with permissions for the folder and the contents.
    I have 6000 student accounts.  Is it possible to write a vb script that would change the permissions on these folders at once instead of changing each one individually.
    What I need, is to ask the administrator appropriating all the files and folders, and then change the properties of legacy on all files and folders, add the student to their folder with change permission, and change the owner of every folder and contents back to the ID of the folder name.
    Any help would be GREATLY appreciated!  In the end, I'd be delighted if records were created just correctly and does not need to do anything.  It worked very well under windows XP, but since we moved to windows 7, it has been a nightmare!  I got a box to open with Microsoft and that they could not obtain records to create with the correct permissions and the case was closed after 2 weeks or try different things.  The idea of scenario is mine, but I don't know where to start to create.

    Wrong forum.  TechNet.
     
    And Yes - many ways to do what you want.  VBScript would work.  PowerShell.  Probably still a command script could do.

  • I need help with this error on VMware Server 2

    Hello world!  I'm new to using this site, but not to a large part by using VMware, VMware Server software. I have worked with it for 1.0.5 version. I have a Dell 2950 PowerEdge Server with Red Hat 5.2 and VMware Server 2. I installed 3 virtual machines and I made a backup of any of it. I copied this entire virtual machine to another computer (Dell Optiplex 755) with the same Red Hat 5.2 and VMware Server 2 and I added the virtual machine properly in the inventory of machines with VMWare Server 2 recognized the very fast machine. But when I press Play to start the virtual machine I got the error that appears on the image and I don't know what can be the problem.

    Can someone help me please?

    Thank you very much!

    William Anderson

    It looks like may have copied the files when the virtual machine is not correctly - stop search *.lck files/folders in the destination folder and delete them. Also, make sure that the account running the VMware process has permissions to write to the files/folders.

    ---

    If you have found this device or any other answer useful please consider the use of buttons useful or Correct to award points.

  • Need help with TLS not active Windows 2008 R2 64-bit

    Our companies security vulnerability scanner reports alert status high following for port 443. The system is updated in the plots and we followed this MS doc on how to enable TLS https://technet.microsoft.com/en-us/library/dn786418.aspx#BKMK_SchannelTR_TLS12

    Vulnerability scanner is reporting.

    [top] [443, tcp, www] TLS Version 1.2 protocol not enabled

    V1.2 TLS is not enabled on this port.

    CVE: #

    Summary:

    The service remote crypt communications, but does not have TLS 1.2 active.

    Details:

    TLSv1.2 is not currently enabled on a service that supports SSL/TLS traffic. Due to recent security issues with encrypted protocols, devices and applications owners are requested to ensure that their systems and applications support version 1.2 in the anticipation of future efforts to eliminate the use of TLSv1.0 and v1.1.

    Difficulty:

    Select TLSv1.2.

    Because each application/service handles this differently, please consult product support or documentation staff. In many cases, the product may not yet support v1.2, in which case it is advisable to open a defect/problem with technical support ticket.

    As with most configuration changes, restart the service to ensure that the change to take effect.

    This issue is beyond the scope of this site (for consumers) and to be sure, you get the best (and fastest) reply, we have to ask either on Technet (for IT Pro) or MSDN (for developers)
    *
  • Need help with Vista not recognizing the .sys file

    Please help me!  I am trying to load a driver USB 2wire on Vista and it does not recognize the .sys file.  Can I convert this easily to .exe, or y at - it another way to achieve this... I am a novice at best here.  Thank you!

    Can you check it out here:

    http://support.2Wire.com/?page=view&article=545

    just to see that you found the driver for the right adapter. It turns out that there are two.

    I won't be able to respond for a while.

  • Need help with battery not genuine message

    So I bought a new refurb e531 i7 4rb ram 500 GB 7200 RPM 3632qm. Machine will great however as soon as I turned it on, I noticed there was a battery not geunine bios message had to press ESC to continue.

    Ignored he thought that perhaps he would learn the battery or something.

    Anyway its been a good 10 hours now give me again the message as I noticed his load not while it is plugged. To try to solve this problem, I.

    update the bios.

    Uninstalled and reinstalled more recent software management power and driver

    Shut down the system disconnected from battery power cord and waited 30 seconds and reinsterted the battery then charger.

    So far not impressed with this firmware battery geunine im system cannot detect even their own battery!

    problem solved as described in my last post on this page

    http://forums.Lenovo.com/T5/ThinkPad-edge-S-series/another-new-ThinkPad-E531-battery-problem/TD-p/13...

  • need help with my window is in thai and I do not understand to all.how to convert to English?

    need help with my window is in thai and I don't quite understand.
    How to convert to English? I tried for days but still it cannot be changed.
    because I can't read thai... Please help me step by step...

    my pc is touchsmart 9100 windows 7 Professional.

    Not a single word is in English if I go to the "region and language" to change.

    Everthing is in thai in the system.

    Hello

    Where have you bought the PC?

    What is the operating system installed?

    Best regards

    ERICO

  • I need help with my Windows Media Center. I was not able to get any video on my Windows Media Center.

    original title: I need help with my Windows Media Center.

    I was not able to get any video on my Windows Media Center. How do I do that? I can put it on Facebook, but cannot get them on the Media Center. I'm ready to pull my hair out LOL

    Hello

    1. what exactly happens when you try to play any video on media center to Windows? Error message? If so, then post back the exact error message.
    2. were you able to play videos on Windows media center with no problems before?
    3. don't you make changes on the computer before this problem?
    4. are you able to play the videos on Windows media player?
    5 are supported by Windows media centerfiles?

    Answer to the above mentioned questions could help us help you better.

    The following article might be useful.
    Solve problems with DVDs and movies in Windows Media Center
    http://Windows.Microsoft.com/en-us/Windows-Vista/troubleshoot-problems-with-DVDs-and-movies-in-Windows-Media-Center

  • Need help with windows defender. all my files folders pictures everythiing disappeared and I find myself with this black screen and it is not all good: o)

    Need help with windows defender. all my files folders pictures everythiing disappeared and I find myself with this black screen and it is not all good: o)

    I don't know why vista windows no longer charge, or when the files and folders disappeared

    How Windows Defender is on this problem?

    Follow these steps to try to solve your problems of boot.

     

     

    Restore point:

    Try typing F8 at startup and in the list of Boot selections, select Mode safe using ARROW top to go there > and then press ENTER.

    Try a restore of the system once, to choose a Restore Point prior to your problem...

    Click Start > programs > Accessories > system tools > system restore > choose another time > next > etc.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    If restore work not and you do not have a Vista DVD from Microsoft, do a repair disc to do a Startup Repair:

    Download the ISO on the link provided and make a record of repair time it starts.

    Go to your Bios/Setup, or the Boot Menu at startup and change the Boot order to make the DVD/CD drive 1st in the boot order, then reboot with the disk in the drive.

    At the startup/power on you should see at the bottom of the screen either F2 or DELETE, go to Setup/Bios or F12 for the Boot Menu.

    When you have changed that, insert the Bootable disk you did in the drive and reboot.

    http://www.bleepingcomputer.com/tutorials/tutorial148.html

    Link above shows what the process looks like and a manual, it load the repair options.

    NeoSmart containing the content of the Windows Vista DVD 'Recovery Centre', as we refer to him. It cannot be used to install or reinstall Windows Vista, and is just a Windows PE interface to recovering your PC. Technically, we could re-create this installation with downloadable media media freely from Microsoft (namely the Microsoft WAIK, several gigabyte download); but it is pretty darn decent of Microsoft to present Windows users who might not be able to create such a thing on their own.

    Read all the info on the website on how to create and use:

    http://NeoSmart.net/blog/2008/Windows-Vista-recovery-disc-download/

    ISO Burner:http://www.snapfiles.com/get/active-isoburner.html

    It's a very good Vista startup repair disk.

    You can do a system restart tool, system, etc it restore.

    It is NOT a disc of resettlement.

    And the 32-bit is what normally comes on a computer, unless 64-bit.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Data recovery:

    1. slave of your hard drive in another computer and read/save your data out there.

    2. put your Hard drive in a USB hard drive case, plug it into another computer and read/save from there.

    3 Alternatively, use Knoppix Live CD to recover data:

    http://www.Knopper.NET/Knoppix/index-en.html

    Download/save the file Knoppix Live CD ISO above.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    http://isorecorder.alexfeinman.com/isorecorder.htm

    Download the Vista software from the link above.

    After installing above ISO burning software, right click on the Knoppix ISO file > copy the Image to a CD.

    Knoppix is not installed on your PC; use only the resources of your PC, RAM, graphics etc.

    Change the boot order in YOUR computer/laptop to the CD/DVD Drive 1st in the boot order.

    Plug a Flash Drive/Memory Stick, BOOT with the Live CD, and you should be able to read the hard drive.

    When the desktop loads, you will see at least two drive hard icons on the desktop (one for your hard drive) and one for the USB key.

    Click on the icons of hard drive to open and to understand which drive is which.

    Click the icon for the USB drive and click on "Actions > Change the read/write mode" so you can write to disk (it is read-only by default for security reasons).

    Now to find the files you want to back up, just drag and drop them on the USB. When you're done, shut down the system and remove the USB key.

    See you soon.

    Mick Murphy - Microsoft partner

  • I'm not sure that photoshop to buy, I need help with watermark or copyright law

    I'm not sure that photoshop to buy, I need help with watermark or copyright law

    http://www.Adobe.com/products/Photoshop/buying-guide-version-comparison.html

  • I'm suddenly needing help with my browser Firefox (6.0.2)

    Hello
    I'm suddenly needing help with my browser Firefox (6.0.2)

    (OS: I use Windows XP).

    When I open the browser, I don't see is a totally white screen of white, with all the toolbars at the top.

    I know that my physical connections are very good: I have tested the modem, turned the pc market etc and I can also receive/send emails.

    This problem started today, September 8, 2011 and has never happened before.

    Is it a coincidence that Firefox itself to day before I disconnected yesterday evening? Could this be something to do with this particular new update?

    I also noticed that just before I "opened" Firefox, I now get a small box indicating:

    [JAVASCRIPT APPLICATION]
    Handl exc in Ev: TypeError: this oRoot.enable is not a function

    This never appeared before - I hope that it offers a clue has what is wrong.

    The browser not be stuck in Mode safe, said by the way.

    Of course, I can't find solutions to the problem on the internet, I don't physically see all Web sites!
    (A friend sends this request in my name from their pc)

    Any light you can throw on this problem of confusion would be much appreciated. I'd rather not have to uninstall and reinstall Firefox if possible.

    If the only option is to uninstall Firefox and reinstall from your site, I'm also in trouble (I can not see the internet or download).
    In this case, would you be able to send the .exe file as an attachment to my e-mail address? In the affirmative, please let me know and I'll give you more details.

    Thanks in advance.

    One possible cause is security software (firewall) that blocks or limits Firefox or plugin-container process without informing you, possibly after the detection of changes (update) for the Firefox program.

    Delete all rules for Firefox in the list of permissions in the firewall and leave your firewall again ask permission to get full unlimited access to the internet for Firefox and the plugin-container and the update process.

    See:

    Start Firefox in Firefox to solve the issues in Safe Mode to check if one of the extensions of the origin of the problem (switch to the DEFAULT theme: Firefox (Tools) > Add-ons > appearance/themes).

  • I need help with an installation failure to interpret and troubleshoot a Setup log.

    Background: A few years ago, many editors of cinema used Final Cut Pro 6 (also contained in Final Cut Studio 2) for their editing projects.  Shared Apple Final Cut X uses a different format that is not compatible with FCP6.  Sometimes, these editors are called to work on a few historical projects that have been published in FCP6 and need this version to run now.

    Starting with OS X Lion, FCP6 would install not in Lion and thereafter.

    According research by Jeremy Johnston as noted on his blog, he discovered that Apple has inserted a file in the folder CoreServices in the Library folder of the system folder that causes versions the version Final Cut Pro X (and other older Apple programs in the same situation) do not settle.  He suggested changes to this file that would seek to prevent interfering with the installation of FCP6 in Lion, many users of final cut PRO 6 were successful in their efforts to install in Lion and work with it.

    Later in a discussion update on installing FCP6 in Mavericks, HawaiianHippie determined that the simplest way to perform the installation of FCP6 was simply copy this file and remove it from the system folder, install FCP6 and then restore the copied file:

    https://discussions.Apple.com/message/26309669#26309669

    I used this method with success to install FCS2 in Yosemite:

    [click on images to enlarge]

    However, in my attempts to install FCS2 in El Capitan, it fails in the last 5% to install the first DVD:

    First of all, I need advice on how to display an extremely large Setup log in this thread (on MacRumors, it is a method to insert a 'code' in a small box that can be the object of a scrollbar if necessary to read all along).  I am unable to find such a method to post here.

    Then once approved, I need help to determine which component is causing the installation to fail and perhaps this element can be omitted from the installation:

    If this element is not required, then maybe FCP6 can be installed successfully without it.  And if that omitted element is necessary, perhaps a manual method to install it can be determined by pacifists.

    It is my goal to help those who need to install and use FCP6 on their new Macs running El Capitan.

    Here is the post on MacRumors with pre-installed Setup log:

    http://forums.MacRumors.com/threads/i-need-help-with-an-installation-failure-to-interpret-and-troubleshoot-an-Installer-log.1954786/#post-22541389

  • I have a mess of error. about microsoft Isatap adapter... plug and play id root\ * Isatap\0002 error tv-configmgrerr31 need help with drivers

    need help with this.is there a link for the drivers. The only changes to my system is a new modom.netgear wireless g54.thank you

    Hello

    (1) what is the complete error message you receive?

    (2) when exactly you get this error message?

    (3) how long have you been faced with this problem?

    You can ignore this error message. This error message does not indicate a problem with the adapter. The adapter will continue to function correctly.

    See the article below

    On a Windows Vista-based computer or on a Windows Server 2008-based computer, the Microsoft ISATAP map appears with a yellow exclamation mark next to it in Device Manager, and you also receive an error message
    http://support.Microsoft.com/kb/932520

  • Need help with my Mail window. I can't export my message to the PST format. I keep getting the message error "an error occurred during initialization of MAPI".

    Hello

    Need help with my Mail window. I can't export my message to the PST format. I keep getting the message error "an error occurred during initialization of MAPI". Y at - it solution or another method?

    Hi ErikLee,

    Do you have MS Outlook installed on your computer?

    Windows mail import and export opportunities are limited to an Outlook .pst file or an Exchange Server mailbox. They are available only if MS Outlook is installed.
    If MS Outlook is not installed and you start an import or export action, the necessary support files are not present for Windows mail complete the operation. Then I suggest you to install Outlook temporarily and see if the problem is resolved.

    Follow the instructions below and check if the problem is resolved.

    1. reboot your computer, and then start Windows Mail.
    2. on the Tools menu, click Options.
    3. in the connection tab, click on edit to open the Internet Properties dialog box.
    4. in the tab programs, click on an application other than Windows mail e-mail in the e-mail list. Click on apply and then click OK.
    5. click OK again to close the Options dialog box.
    6. exit Windows mail and restart Windows mail.

    If this does not work, I suggest you upgrade to Windows Live Mail to import or export messages that may help you resolve the issue.

    To download Windows Live Mail, visit the following Microsoft Web site:
    http://get.live.com/wlmail/overview

    For more information about Windows Live Mail, see the Microsoft Web site at the following address:
    http://windowshelp.Microsoft.com/Windows/en-us/help/4b30d3d6-abe2-46d1-a5fd-4a1ba786a1381033.mspx

    Check whether the problem is resolved.

    Please post back and let us know if it helped to solve your problem.

    Kind regards
    KarthiK TP

Maybe you are looking for


HashFlare