How to log into ASDM for a Cisco ASA when you get the Unable to launch device manager error

, , ,

I like to keep my client’s devices up to date to prevent any issues from arising and have access to the devices latest features. Unfortunately not everyone is happy to pay that little extra to have an on-going support / maintenance agreement.  I was recently out at a customer who had an ASA 5505 which had been running for years but needed some new NAT translations added in.  So I fired up my laptop and loaded up ASDM Launcher, after typing in the credentials I got Unable to launch device manager on ASA-5505 error.  One thing I like to do when this happens is to check why, click on the Java icon in the login window and you will be prompted with the Java console, I saw the following;

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Java couldn't trust Server
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

The main thing sticking out to me was Java couldn’t trust Server to fix this I needed to load up the Java control panel once open navigate to the Security tab > Edit Site List… > Add > Enter the URL of ASDM.  In my case that was https://192.168.1.254/ once I added that, click Ok and Apply and close out of your browser / ASDM Launcher.  Now if you try to log in again it should let you through into ASDM and allow you to make the changes you need.

java_security

Another method to resolve this error is to export the certificate of the device to your computer (use firefox and navigate to the appliance web page and export the SSL certificate) then import it into Java using the control panel method above but hit Manage Certificates…

If you’re running a new version of ASDM, this doesn’t happen, also some say downgrading Java to 1.6 will remove the issue also.  Hope that helps someone out.


Leave a Reply

More Posts

Moving the SQL Server tempdb file location after SQL Server is installed

Working with one of my education customers I recently had to perform some maintenance on their SQL Database server as they were running low on disk space AND had a free unused virtual disk where we could throw their tempdb onto (it was meant to go here but they didn’t place it there during installation). […]

Checking the performance of your Windows Server 2012 Hyper-V Server with Performance Monitor and PAL

Windows Server 2012 brings some great improvements to Virtualization.  We’re currently running it in production and it works wonders, especially with the new Hyper-V Replica feature which is great and free way of implementing DR.  So now you’ve got that cluster running, how can we tell if it is performing well.   I recently stumbled upon PAL […]

Watch out when you enable DNS Scavenging and have a DirectAccess environment

So we had recently enabled DNS scavenging for a large environment who also had a DirectAccess server. The next day we were getting help desk calls about remote users not able to connect and those who were in the office unable to use their devices. One of the cornerstones of DirectAccess is DNS and the […]