Cannot onboard ASA due to certificate error

Environment: ASA is configured with client-side certificate authentication.

Solution: Disable client-side certificate authentication.

Details: ASAs support credential-based authentication as well as client-side certificate authentication. Security Cloud Control cannot connect to ASAs that use client-side certificate authentication. Before onboarding your ASA to Security Cloud Control, make sure it does not have client-certificate authentication enabled by using this procedure:

Procedure


Step 1

Open a terminal window and connect to the ASA using SSH.

Step 2

Enter global configuration mode.

Step 3

At the hostname (config)# prompt, enter this command:

no ssl certificate-authentication interfaceinterface-nameport 443

The interface name is the name of the interface Security Cloud Control connects to.