cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6245
Views
15
Helpful
6
Replies

ASA temporary self signed certificate

cofee
Level 5
Level 5

Hi,

 

Can someone tell me how to check or view temporary self signed certificate generated by ASA using CLI? Also, is temporary self signed certificate generated once command "http server enable" is entered? And, what happens if disable http server after turning it on, would ASA remove the temporary self signed certificate or would it need to be rebooted in order to remove temporary self signed certificate?


Thanks!!

6 Replies 6

Jason Kunst
Cisco Employee
Cisco Employee
Does this have anything to do with ISE? If not please move to appropriate community

Thanks for catching me. Prior to posting here, I attempted to post under the firewall section several times, but it won't let me and kept giving me error. It appears firewall and IPS/IDS sections are having issues.

Marvin Rhoads
Hall of Fame
Hall of Fame

You can bind it to an interface and then browse to that interface address (you must also permit http(s) to that interface from your source address or subnet).

 

I don't believe disabling the http server will remove the temporary certificate.

Thanks for the comment. Does this mean that temporary self-signed certificate is something we can't get rid of?  and would you know where it is stored because I looked in the running config and couldn't find it.

Best way to get rid of it is to generate another self-signed certificate (or a public CA) and statically assign that certificate to all the interfaces. 

 

I believe that this certificate is generated with http server or the webvpn feature is enabled. If both of these are disabled, the ASA should not have a socket opened to listen on 443, thus eliminating the need for the ASA to have a cert.

Peter Koltl
Level 7
Level 7

show ssl

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: