KB ID 0001106
Problem
I installed a third-party certificate (from DigiCert) for a client on their ASA, following my usual procedure. I enabled it on the outside interface and tested AnyConnect, but it wasn’t working.
The ASA refused to present anything other than its self-signed certificate.
Solution
This is because, after 9.4, the ASA will automatically present a certificate that uses an elliptic curve cipher, even if the ASA has a configured trustpoint (based on RSA).
To rectify this, execute the following command:
[box]
Petes-ASA> enable
Password: ********
Petes-ASA# configure terminal
Petes-ASA(config)# ssl cipher tlsv1.2 custom "AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA:RC4-SHA:RC4-MD5"
[/box]
Providing you enabled the certificate correctly, it should work straight away.
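Every suite in the custom string above authenticates with an RSA certificate, which is why the RSA trustpoint gets presented, but the string also carries RC4, DES and MD5 suites. The following Python script is an added example, not part of the original article: it checks a cipher string for both properties, and its function names and weak-algorithm policy are assumptions of the example.

```python
# Added example: audits an ASA "ssl cipher ... custom" string (OpenSSL suite names).
CUSTOM = ("AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:"
          "DES-CBC3-SHA:DES-CBC-SHA:RC4-SHA:RC4-MD5")  # string from the article


def auth_type(suite):
    """Certificate type the server must present for this suite."""
    parts = suite.upper().split("-")
    if "ECDSA" in parts:
        return "ECDSA"
    if "DSS" in parts:
        return "DSS"
    if parts[0] in ("ADH", "AECDH"):
        return "anonymous"
    # OpenSSL names without an auth token (e.g. AES256-SHA) use RSA.
    return "RSA"


def weaknesses(suite):
    """Reasons a suite is considered weak (assumed policy for this example)."""
    parts = suite.upper().split("-")
    found = []
    if "RC4" in parts:
        found.append("RC4 stream cipher")
    if "CBC3" in parts:
        found.append("3DES (64-bit block)")
    elif "DES" in parts:
        found.append("single DES (56-bit key)")
    if "MD5" in parts:
        found.append("MD5 MAC")
    return found


def audit(cipher_string):
    """Return (suite, auth type, weaknesses) for each suite in the string."""
    suites = [s for s in cipher_string.split(":") if s]
    return [(s, auth_type(s), weaknesses(s)) for s in suites]


def rsa_strong_only(cipher_string):
    """Same order, keeping only RSA-authenticated suites with no weakness."""
    return ":".join(s for s, auth, weak in audit(cipher_string)
                    if auth == "RSA" and not weak)


if __name__ == "__main__":
    for suite, auth, weak in audit(CUSTOM):
        print(f"{suite:22} auth={auth:5} {', '.join(weak) or 'ok'}")
    print("trimmed:", rsa_strong_only(CUSTOM))
```

The trimmed result is a subset of the article's string, so it keeps the RSA-only behaviour; test AnyConnect clients against it before relying on it.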