Replace DualShield's IdP Certificate
By default, DualShield Server's IdP certificate is valid for 100 years. However, there is a bug in Cisco ASA which causes ASA not to accept a certificate that is valid beyond the year 2038 (https://quickview.cloudapps.cisco.com/quickview/bug/CSCsc45595).
Therefore, we have to replace the default DualShield IdP certificate with a certificate that expires before 2038.
On your DualShield server machine, navigate to the folder "C:\Program Files\Deepnet DualShield\certs" and back up the file called "idpfull.jks".
Open a Windows command console.
Navigate to "C:\Program Files\Deepnet DualShield\jre\bin".
Enter the command below:
keytool -genkey -keyalg RSA -alias idp_dualshield -keystore idpfull.jks -storepass changeit -validity 3600 -keysize 2048 -ext BasicConstraints=ca:true
Copy the "idpfull.jks" file to the folder "C:\Program Files\Deepnet DualShield\certs" and overwrite the old file.
Finally, restart the DualShield service.
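The PowerShell check below is an added example, not part of the original DualShield instructions. It can be run after the keytool step and before copying the file, to confirm that the new certificate really expires before 2038, and it also reports the largest -validity value that is still safe on the day it is run. It assumes the keystore was created in the jre\bin folder as in the steps above, and it treats "before 2038" as before 1 January 2038 UTC.

```powershell
# Added example: confirm the regenerated IdP certificate expires before 2038.
# Paths, alias and store password are the ones used in the steps above.
$keytool  = 'C:\Program Files\Deepnet DualShield\jre\bin\keytool.exe'
$keystore = 'C:\Program Files\Deepnet DualShield\jre\bin\idpfull.jks'
$alias    = 'idp_dualshield'

# Assumption: "before 2038" is taken as before 1 January 2038 UTC.
$cutoff = [datetime]::new(2038, 1, 1, 0, 0, 0, [DateTimeKind]::Utc)

# Largest -validity (in days) that still ends before the cutoff
# if the key pair is generated right now.
$maxDays = [math]::Floor(($cutoff - [datetime]::UtcNow).TotalDays)
"Maximum safe -validity today: $maxDays days"

# Export only the certificate (no private key) to a temporary file.
$tmp = Join-Path $env:TEMP 'idp_dualshield.cer'
& $keytool -exportcert -alias $alias -keystore $keystore -storepass changeit -file $tmp
if ($LASTEXITCODE -ne 0) {
    throw "keytool export failed with exit code $LASTEXITCODE"
}

# Read the exported certificate with .NET and remove the temporary file.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($tmp)
Remove-Item $tmp

$notAfterUtc = $cert.NotAfter.ToUniversalTime()
"Subject : $($cert.Subject)"
"NotAfter: $($notAfterUtc.ToString('u'))"

if ($notAfterUtc -ge $cutoff) {
    throw "Certificate is valid beyond 2038; regenerate it with -validity $maxDays or less."
}
"OK: certificate expires before 2038."
```

Because -validity is counted in days from the moment the key pair is generated, the fixed value 3600 will eventually cross into 2038; the first line of output shows how much margin remains.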