KB ID 0001106 Dtd 08/09/15
I installed a third party certificate for a client on their ASA (from Digicert). And followed my usual procedure. I enabled it on the outside interface and tested AnyConnect, it wasn't working.
The ASA refused to present anything other than its self signed certificate.
This is because after 9.4 the ASA will automatically present a certificate that has an elliptical curve cipher. Even if the ASA has a configured Truspoint (based on RSA).
To rectify this you need to execute the following command;
Petes-ASA# configure terminal
Petes-ASA(config)# ssl cipher tlsv1.2 custom
Providing you enabled the certificate correctly, it should work straight away.
Related Articles, References, Credits, or External Links