09-26-2018 04:57 PM - edited 02-21-2020 08:17 AM
Hi,
Can someone tell me how to check or view the temporary self-signed certificate generated by the ASA using the CLI? Also, is the temporary self-signed certificate generated once the command "http server enable" is entered? And what happens if I disable the http server after turning it on: would the ASA remove the temporary self-signed certificate, or would it need to be rebooted in order to remove the temporary self-signed certificate?
Thanks!!
09-26-2018 05:03 PM
09-26-2018 05:05 PM
Thanks for catching me. Prior to posting here, I attempted to post under the firewall section several times, but it wouldn't let me and kept giving me an error. It appears the firewall and IPS/IDS sections are having issues.
09-27-2018 10:35 AM
You can bind it to an interface and then browse to that interface address (you must also permit http(s) to that interface from your source address or subnet).
I don't believe disabling the http server will remove the temporary certificate.
09-27-2018 11:04 AM
Thanks for the comment. Does this mean that the temporary self-signed certificate is something we can't get rid of? And would you know where it is stored? I looked in the running config and couldn't find it.
09-27-2018 12:19 PM
Best way to get rid of it is to generate another self-signed certificate (or a public CA) and statically assign that certificate to all the interfaces.
I believe that this certificate is generated when the http server or the webvpn feature is enabled. If both of these are disabled, the ASA should not have a socket opened to listen on 443, thus eliminating the need for the ASA to have a cert.
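An added example, not part of the original post: one way to carry out the suggestion above on the ASA CLI, replacing the temporary certificate with a persistent self-signed one bound to an interface. The key label, trustpoint name, subject CN and the interface name `outside` are assumptions; substitute your own.

```cisco
! Added example. Names below (ASA-SELF-KEY, ASA-SELF-TP, asa.example.com,
! outside) are assumed placeholders, not values from this thread.
!
! --- global configuration mode ---
! 1. Generate a dedicated RSA key pair for the certificate.
crypto key generate rsa label ASA-SELF-KEY modulus 2048
!
! 2. Define a trustpoint that enrolls as self-signed and uses that key pair.
crypto ca trustpoint ASA-SELF-TP
 enrollment self
 subject-name CN=asa.example.com
 keypair ASA-SELF-KEY
 exit
!
! 3. Generate the self-signed certificate for the trustpoint.
crypto ca enroll ASA-SELF-TP noconfirm
!
! 4. Statically assign the certificate to the interface that serves HTTPS.
!    Repeat this line for each interface that listens on 443.
ssl trust-point ASA-SELF-TP outside
!
! --- privileged EXEC mode ---
! 5. Verify: list the certificates held in trustpoints, then confirm
!    which trustpoint the SSL configuration uses.
show crypto ca certificates
show ssl
```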
10-01-2018 02:17 PM
show ssl