I just received a new certificate from GlobalSign and I installed it on my ASA.
When I browse to the site in IE, Chrome, or Firefox the browser accurately shows the site with the correct certificate installed. None of the browsers show certificate errors. When I launch AnyConnect and connect to the ASA it connects fine with no certificate error.
However when I use SSL Labs to 'check' the ASA Certificate it states the ASA is using 'ASA Temporary Self Signed Certificate'.
The URL to the ASA is https://lab-asa.asicentral.com
I'm confused about why SSL Labs is showing the ASA Temporary Signed Cert when the ASA obviously is providing the GlobalSign cert. This morning I was reading Qualys Known Issues and saw this and wonder if this 'Known Issue' is whats occurring.
- SSL Labs currently shows only one certificate, even with servers that have more than one. This is a limitation of the UI, which shows the first encountered certificate. Internally, SSL Labs collects all certificates. All will be shown in a future release.
If someone could confirm or provide some insight I would be greatly appreciative.