Cannot onboard ASA due to certificate error
Environment: ASA is configured with client-side certificate authentication.
Solution: Disable client-side certificate authentication.
Details: ASAs support credential-based authentication as well as client-side certificate authentication. CDO cannot connect to ASAs that use client-side certificate authentication. Before onboarding your ASA to CDO, make sure it does not have client-certificate authentication enabled by using this procedure:
Procedure
Step 1: Open a terminal window and connect to the ASA using SSH.
Step 2: Enter global configuration mode.
Step 3: At the hostname(config)# prompt, enter this command:
    no ssl certificate-authentication interface interface-name port 443
  The interface name is the name of the interface CDO connects to.
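A pre-onboarding check for the setting this procedure removes, added here as an example and not taken from Cisco's documentation or tooling. It assumes the ASA running configuration has been saved as text; the function names and the sample configuration are constructed for illustration.

```python
import re

# Matches the running-config line that enables client-side certificate
# authentication on an interface, in the form shown in Step 3 above.
# Lines already in the "no ..." form do not match.
_CERT_AUTH = re.compile(
    r"^\s*ssl certificate-authentication interface (?P<ifname>\S+)"
    r"(?: port (?P<port>\d+))?\s*$"
)

# Constructed sample of saved running-config text (not from a real device).
SAMPLE_CONFIG = """\
hostname asa-lab
!
interface GigabitEthernet0/0
 nameif outside
!
ssl certificate-authentication interface outside port 443
ssl certificate-authentication interface dmz port 8443
http server enable
http 192.0.2.0 255.255.255.0 outside
"""

def find_client_cert_auth(config_text):
    """Return (interface, port, original_line) for each enabling line."""
    hits = []
    for raw in config_text.splitlines():
        m = _CERT_AUTH.match(raw)
        if m:
            port = int(m.group("port")) if m.group("port") else None
            hits.append((m.group("ifname"), port, raw.strip()))
    return hits

def remediation_commands(config_text, cdo_interface):
    """Build the 'no' form of each enabling line on the interface CDO uses."""
    return [
        "no " + line
        for ifname, _port, line in find_client_cert_auth(config_text)
        if ifname == cdo_interface
    ]

if __name__ == "__main__":
    for ifname, port, _line in find_client_cert_auth(SAMPLE_CONFIG):
        print(f"client-cert auth enabled: interface={ifname} port={port}")
    for cmd in remediation_commands(SAMPLE_CONFIG, "outside"):
        print("enter in global configuration mode:", cmd)
```

Only the interface CDO connects to is included in the generated commands, so client-certificate authentication on other interfaces is reported but left in place.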