cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


1402
Views
15
Helpful
6
Replies
Contributor

ASA temporary self signed certificate

Hi,

 

Can someone tell me how to check or view temporary self signed certificate generated by ASA using CLI? Also, is temporary self signed certificate generated once command "http server enable" is entered? And, what happens if disable http server after turning it on, would ASA remove the temporary self signed certificate or would it need to be rebooted in order to remove temporary self signed certificate?


Thanks!!

6 REPLIES 6
Cisco Employee

Re: ASA temporary self signed certificate

Does this have anything to do with ISE? If not please move to appropriate community
Contributor

Re: ASA temporary self signed certificate

Thanks for catching me. Prior to posting here, I attempted to post under the firewall section several times, but it won't let me and kept giving me error. It appears firewall and IPS/IDS sections are having issues.

Hall of Fame Master

Re: ASA temporary self signed certificate

You can bind it to an interface and then browse to that interface address (you must also permit http(s) to that interface from your source address or subnet).

 

I don't believe disabling the http server will remove the temporary certificate.

Contributor

Re: ASA temporary self signed certificate

Thanks for the comment. Does this mean that temporary self-signed certificate is something we can't get rid of?  and would you know where it is stored because I looked in the running config and couldn't find it.

VIP Advocate

Re: ASA temporary self signed certificate

Best way to get rid of it is to generate another self-signed certificate (or a public CA) and statically assign that certificate to all the interfaces. 

 

I believe that this certificate is generated with http server or the webvpn feature is enabled. If both of these are disabled, the ASA should not have a socket opened to listen on 443, thus eliminating the need for the ASA to have a cert.

Highlighted
Contributor

Re: ASA temporary self signed certificate

show ssl