https://community.cisco.com/t5/network-security/asa-temporary-self-signed-certificate/m-p/3713879#M31719 <P>Thanks for catching me. Prior to posting here, I attempted to post under the firewall section several times, but it won't let me and kept giving me error. It appears firewall and IPS/IDS sections are having issues.</P> Thu, 27 Sep 2018 00:05:59 GMT cofee 2018-09-27T00:05:59Z https://community.cisco.com/t5/network-security/asa-temporary-self-signed-certificate/m-p/3713876#M31717 <P>Hi,</P> <P>&nbsp;</P> <P>Can someone tell me how to check or view temporary self signed certificate generated by ASA using CLI? Also, is temporary self signed certificate generated once command "http server enable" is entered? And, what happens if disable http server after turning it on, would ASA remove the temporary self signed certificate or would it need to be rebooted in order to remove temporary self signed certificate?</P> <P><BR />Thanks!!</P> Fri, 21 Feb 2020 16:17:11 GMT https://community.cisco.com/t5/network-security/asa-temporary-self-signed-certificate/m-p/3713876#M31717 cofee 2020-02-21T16:17:11Z https://community.cisco.com/t5/network-security/asa-temporary-self-signed-certificate/m-p/3713878#M31718 Does this have anything to do with ISE? If not please move to appropriate community <BR /> Thu, 27 Sep 2018 00:03:45 GMT https://community.cisco.com/t5/network-security/asa-temporary-self-signed-certificate/m-p/3713878#M31718 Jason Kunst 2018-09-27T00:03:45Z https://community.cisco.com/t5/network-security/asa-temporary-self-signed-certificate/m-p/3713879#M31719 <P>Thanks for catching me. Prior to posting here, I attempted to post under the firewall section several times, but it won't let me and kept giving me error. It appears firewall and IPS/IDS sections are having issues.</P> Thu, 27 Sep 2018 00:05:59 GMT https://community.cisco.com/t5/network-security/asa-temporary-self-signed-certificate/m-p/3713879#M31719 cofee 2018-09-27T00:05:59Z https://community.cisco.com/t5/network-security/asa-temporary-self-signed-certificate/m-p/3714484#M31720 <P>You can bind it to an interface and then browse to that interface address (you must also permit http(s) to that interface from your source address or subnet).</P> <P>&nbsp;</P> <P>I don't believe disabling the http server will remove the temporary certificate.</P> Thu, 27 Sep 2018 17:35:00 GMT https://community.cisco.com/t5/network-security/asa-temporary-self-signed-certificate/m-p/3714484#M31720 Marvin Rhoads 2018-09-27T17:35:00Z https://community.cisco.com/t5/network-security/asa-temporary-self-signed-certificate/m-p/3714496#M31721 <P>Thanks for the comment. Does this mean that temporary self-signed certificate is something we can't get rid of?&nbsp; and would you know where it is stored because I looked in the running config and couldn't find it.</P> Thu, 27 Sep 2018 18:04:13 GMT https://community.cisco.com/t5/network-security/asa-temporary-self-signed-certificate/m-p/3714496#M31721 cofee 2018-09-27T18:04:13Z https://community.cisco.com/t5/network-security/asa-temporary-self-signed-certificate/m-p/3714552#M31722 <P>Best way to get rid of it is to generate another self-signed certificate (or a public CA) and statically assign that certificate to all the interfaces.&nbsp;</P> <P>&nbsp;</P> <P>I believe that this certificate is generated with http server or the webvpn feature is enabled. If both of these are disabled, the ASA should not have a socket opened to listen on 443, thus eliminating the need for the ASA to have a cert.</P> Thu, 27 Sep 2018 19:19:18 GMT https://community.cisco.com/t5/network-security/asa-temporary-self-signed-certificate/m-p/3714552#M31722 Rahul Govindan 2018-09-27T19:19:18Z https://community.cisco.com/t5/network-security/asa-temporary-self-signed-certificate/m-p/3716914#M31723 <P><STRONG>show ssl</STRONG></P> <P>&nbsp;</P> Mon, 01 Oct 2018 21:17:36 GMT https://community.cisco.com/t5/network-security/asa-temporary-self-signed-certificate/m-p/3716914#M31723 Peter Koltl 2018-10-01T21:17:36Z