AnsweredAssumed Answered

Certificate Mismatch ?

Question asked by Timothy Glen on Mar 14, 2016
Latest reply on Mar 22, 2016 by Matthias Wächter

Hi All,

 

I just received a new certificate from GlobalSign and I installed it on my ASA.

 

When I browse to the site in IE, Chrome, or Firefox the browser accurately shows the site with the correct certificate installed.  None of the browsers show certificate errors.  When I launch AnyConnect and connect to the ASA it connects fine with no certificate error.

 

However when I use SSL Labs to 'check' the ASA Certificate it states the ASA is using 'ASA Temporary Self Signed Certificate'.

https://globalsign.ssllabs.com/analyze.html?d=lab-asa.asicentral.com&latest

 

The URL to the ASA is https://lab-asa.asicentral.com

 

I'm confused about why SSL Labs is showing the ASA Temporary Signed Cert when the ASA obviously is providing the GlobalSign cert. This morning I was reading Qualys Known Issues and saw this and wonder if this 'Known Issue' is whats occurring.

Known Issues

 

  • SSL Labs currently shows only one certificate, even with servers that have more than one. This is a limitation of the UI, which shows the first encountered certificate. Internally, SSL Labs collects all certificates. All will be shown in a future release.

 

If someone could confirm or provide some insight I would be greatly appreciative.

 

Thank you!

 

Tim

Outcomes