07-08-2015 02:15 PM - edited 03-11-2019 11:14 PM
APHA-ASA5585VPN# sh run | inc crypto pki
APHA-ASA5585VPN# sh run | inc crypto
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal DES
crypto ipsec ikev2 ipsec-proposal 3DES
crypto ipsec ikev2 ipsec-proposal AES
crypto ipsec ikev2 ipsec-proposal AES192
crypto ipsec ikev2 ipsec-proposal AES256
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint VPN_TrustPoint
crypto ca trustpoint ASDM_TrustPoint0
crypto ca trustpoint ASDM_TrustPoint1
crypto ca trustpoint ASDM_TrustPoint2
crypto ca trustpoint ASDM_VPNTrustPoint
crypto ca trustpoint VPNTrustPoint
crypto ca trustpoint VPNTrustPoint2
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint0
crypto ca certificate chain ASDM_VPNTrustPoint
crypto ca certificate chain VPNTrustPoint
crypto isakmp identity hostname
no crypto isakmp nat-traversal
crypto ikev2 policy 1
crypto ikev2 policy 10
crypto ikev2 policy 20
crypto ikev2 policy 30
crypto ikev2 policy 40
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 10
crypto ikev1 policy 30
crypto ikev1 policy 50
crypto ikev1 policy 70
crypto ikev1 policy 90
add-command "show crypto ipsec sa"
add-command "show crypto isakmp sa"
add-command "show crypto protocol statistics all"
Based on the above show run, there is no crypto pki running on this device. I am not able to pick up a self-signed crypto key from this device, and I believe it is required for CCP to connect.
If I enable crypto key gen rsa, what kind of impact will it have on our VPN users? This ASA device is only doing VPN service at this point. Will I mess up our VPN certificates?
Thank you for answering my questions.
07-08-2015 07:11 PM
Assuming you're asking about the Cisco Configuration Professional type of CCP...
That CCP is only for router configuration and will not work with ASAs of any kind. The GUI for managing an ASA is ASDM (Adaptive Security Device Manager). There is a certificate for ASDM as indicated by "ASDM_TrustPoint0" in your output above.
Even if you didn't have any certificate configured, the ASDM would have generated a self-signed ephemeral one when it booted up and initialized.
You should point your browser to an interface permitted for management (as indicated by the "http" command in your configuration) and specify https://<interface address or fqdn>/admin to launch ASDM and optionally download the desktop client (a Java applet).
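An added check, not part of either post above: the asker's first grep matched nothing because `crypto pki` is the IOS keyword; on an ASA the PKI configuration is spelled `crypto ca`, and it is present in the second grep. In that output a `crypto ca certificate chain <name>` line appears only for trustpoints that actually hold a certificate, which is how the answer can tell ASDM_TrustPoint0 has one while VPN_TrustPoint and the other ASDM_TrustPoint entries are empty. The script below reads a saved `show run | include crypto` dump and reports which trustpoints have certificates, which are empty shells, and which IKEv1 transform sets still offer DES, 3DES or HMAC-MD5 (all of which the posted dynamic map will negotiate). The sample input is constructed from the thread's output, not captured from a live device.

```shell
#!/bin/sh
# Audit an ASA "show run | include crypto" dump for PKI state and weak IKEv1
# transform sets. SAMPLE_RUN is a constructed excerpt of the thread's output.
SAMPLE_RUN='crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ca trustpoint VPN_TrustPoint
crypto ca trustpoint ASDM_TrustPoint0
crypto ca trustpoint VPNTrustPoint
crypto ca certificate chain ASDM_TrustPoint0
crypto ca certificate chain VPNTrustPoint
no crypto isakmp nat-traversal'

# Trustpoints that hold a certificate: the ASA writes a
# "crypto ca certificate chain <name>" block only once one is installed.
trustpoints_with_cert() {
    printf '%s\n' "$1" | awk '
        $1=="crypto" && $2=="ca" && $3=="certificate" && $4=="chain" {print $5}'
}

# Trustpoints declared but carrying no certificate chain, e.g. leftovers from
# abandoned ASDM wizard runs. Sorted because awk array order is unspecified.
trustpoints_without_cert() {
    printf '%s\n' "$1" | awk '
        $1=="crypto" && $2=="ca" && $3=="trustpoint" {tp[$4]=1}
        $1=="crypto" && $2=="ca" && $3=="certificate" && $4=="chain" {delete tp[$5]}
        END {for (t in tp) print t}' | sort
}

# IKEv1 transform sets whose ESP cipher or integrity algorithm is DES, 3DES or
# HMAC-MD5. Field 5 is the set name; fields 6.. are the algorithms.
weak_transform_sets() {
    printf '%s\n' "$1" | awk '
        $1=="crypto" && $2=="ipsec" && $3=="ikev1" && $4=="transform-set" {
            weak=0
            for (i=6; i<=NF; i++) if ($i ~ /^esp-(des|3des|md5-hmac)$/) weak=1
            if (weak) print $5
        }'
}

# Stand-alone report over the constructed sample.
report() {
    echo "Trustpoints with a certificate:";    trustpoints_with_cert "$1"
    echo "Trustpoints without a certificate:"; trustpoints_without_cert "$1"
    echo "Weak IKEv1 transform sets:";         weak_transform_sets "$1"
}
report "$SAMPLE_RUN"
```

To run it against a real box, paste the device's own `show run | include crypto` output into SAMPLE_RUN or pipe a saved copy into the functions. To confirm which certificate the ASA actually presents to the browser for ASDM, `openssl s_client -connect <asa>:443 </dev/null 2>/dev/null | openssl x509 -noout -subject -issuer -dates` from a management host shows the subject, issuer and validity of the served certificate; a matching subject and issuer mark it as the self-signed one described above.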
07-15-2015 12:06 PM
Just want to practice with CCP and am looking for devices that I can use here at work.
Thank you Marvin. :)