Can someone tell me how to check or view the temporary self-signed certificate generated by the ASA using the CLI? Also, is the temporary self-signed certificate generated once the command "http server enable" is entered? And what happens if I disable the http server after turning it on: would the ASA remove the temporary self-signed certificate, or would it need to be rebooted in order to remove the temporary self-signed certificate?
Thanks for catching me. Prior to posting here, I attempted to post under the firewall section several times, but it wouldn't let me and kept giving me an error. It appears the firewall and IPS/IDS sections are having issues.
You can bind it to an interface and then browse to that interface address (you must also permit http(s) to that interface from your source address or subnet).
I don't believe disabling the http server will remove the temporary certificate.
Thanks for the comment. Does this mean that the temporary self-signed certificate is something we can't get rid of? And would you know where it is stored? I looked in the running config and couldn't find it.
The best way to get rid of it is to generate another self-signed certificate (or a public CA) and statically assign that certificate to all the interfaces.
I believe that this certificate is generated when the http server or the webvpn feature is enabled. If both of these are disabled, the ASA should not have a socket opened to listen on 443, thus eliminating the need for the ASA to have a cert.
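The replacement suggested above (generate a persistent self-signed certificate and bind it to the interfaces) could look like the following on the ASA CLI. This is an added example, not part of the original thread; the key label, trustpoint name, FQDN, subject name and the interface names `outside` and `inside` are assumed placeholders.

```cisco
! Added example. ASA-SELF-KEY, ASA-SELF-TP, asa.example.com and the
! interface names outside/inside are placeholders, not values from the thread.
configure terminal
!
! Dedicated RSA key pair for the new certificate
crypto key generate rsa label ASA-SELF-KEY modulus 2048
!
! Trustpoint that enrolls to itself, i.e. a self-signed identity certificate
crypto ca trustpoint ASA-SELF-TP
 enrollment self
 fqdn asa.example.com
 subject-name CN=asa.example.com
 keypair ASA-SELF-KEY
 exit
!
! Generate the certificate under that trustpoint
crypto ca enroll ASA-SELF-TP noconfirm
!
! Statically assign the certificate to each interface that terminates TLS
ssl trust-point ASA-SELF-TP outside
ssl trust-point ASA-SELF-TP inside
end
!
! Verify: list installed certificates and the per-interface SSL bindings
show crypto ca certificates
show running-config ssl
!
! Save the configuration so the trustpoint and bindings survive a reload
write memory
```

After the binding, the certificate presented on port 443 of each interface should show the subject configured in the trustpoint, which can be checked from a browser or any TLS client.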