11-04-2008 07:55 AM - edited 02-21-2020 03:04 AM
Hi,
I'm using Clientless SSL VPN, but am not sure if I am using certificates etc. How can I check?
Do I need to buy any, or can the ASA create them?
Thanks
11-10-2008 08:54 AM
SSL uses digital certificates for authentication. The security appliance creates a self-signed SSL server certificate when it boots; or you can install in the security appliance an SSL certificate that has been issued in a PKI context. For HTTPS, this certificate must then be installed on the client. You need to install the certificate from a given security appliance only once.
Once the "crypto ca server" command executes, the Local CA is generated on the ASA. A self-signed certificate is created and associated with that Local CA on the security appliance when you execute the no shutdown command. The self-signed certificate key usage extension has key encryption, key signature, CRL signing, and certificate signing ability.
Digital certificates in SSL VPN:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/webvpn.html#wp1238768
Configuring the Local CA and creating a Self-Signed Certificate:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cert_cfg.html#wp1067517
11-10-2008 09:51 AM
Thanks for spending the time to answer my question.
When I use my IE7 browser to connect to https://asaip it asks if I want to connect to this untrusted site. Does this mean that a certificate is in use here, as I have yet to configure anything? I have simply used the ASDM to set this.
I understand I could buy a certificate from VeriSign but am happy using the built-in self certificate.
Thanks