
ASA 9.8 How to export self-signed certificate?

ac5nwdude
Level 1

Hello folks,

 

I just configured SSLVPN on an ASA 9.8 for the first time - it works as expected. However, users connecting to the ASA get a warning from Cisco AnyConnect: "Security Warning: Untrusted Server Certificate!".

 

This makes sense as I generated a self-signed certificate on the ASA itself:

 

fw01-1(config)# crypto key generate rsa label sslvpnkey
fw01-1(config)# crypto ca trustpoint localtrust
fw01-1(config-ca-trustpoint)# enrollment self
fw01-1(config-ca-trustpoint)# fqdn sslvpn.foo.bar
fw01-1(config-ca-trustpoint)# subject-name CN=sslvpn.foo.bar
fw01-1(config-ca-trustpoint)# keypair sslvpnkey
fw01-1(config-ca-trustpoint)# crypto ca enroll localtrust noconfirm
fw01-1(config)# ssl trust-point localtrust OUSIDE_WAN

My idea is to export the certificate from the ASA and roll it out to the clients as a trusted local certificate. However, I don't see any certificates, trustpoints etc. in ASDM or on the CLI:

 

fw01-1# show crypto ca trustpoints 
fw01-1# show crypto ca certificates

(above commands don't give any output)

 

What am I doing wrong?

 

Thanks in advance!

1 Reply

It is much easier: Go to your https-FQDN with Firefox, click on the certificate icon and in the details of the certificate view you can export the certificate. This way you also make sure that you don't accidentally export the private key of your certificate.
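A scripted counterpart to the browser export described in the reply above, as an added example that is not part of the original thread: it fetches the certificate the gateway presents and checks, before rollout, that the file holds only certificates and no private key. The function names and sample data are assumptions made for this example; the fetch is unverified, so compare the printed SHA-256 fingerprint with the one shown on a trusted view of the certificate before distributing the file.

```python
import base64
import hashlib
import re
import ssl

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def fetch_server_cert_pem(host, port=443):
    """Fetch the certificate the gateway presents, unverified (needs network).

    Only the public certificate crosses the wire in a TLS handshake, so the
    private key cannot end up in the result.
    """
    return ssl.get_server_certificate((host, port))


def audit_pem_for_rollout(pem_text):
    """Return SHA-256 fingerprints of the certificates in pem_text.

    Raises ValueError if the text holds anything other than certificates
    (for example a private key) or holds no certificate at all.
    """
    fingerprints = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label != "CERTIFICATE":
            raise ValueError(f"refusing to distribute PEM block: {label}")
        der = base64.b64decode("".join(body.split()), validate=True)
        digest = hashlib.sha256(der).hexdigest().upper()
        fingerprints.append(":".join(digest[i:i + 2] for i in range(0, 64, 2)))
    if not fingerprints:
        raise ValueError("no CERTIFICATE block found")
    return fingerprints


def _pem(label, der):
    # Helper that builds the constructed samples below.
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"


# Constructed placeholder bytes, not a real certificate or key.
SAMPLE_DER = b"constructed-placeholder-for-sslvpn.foo.bar-certificate"
SAMPLE_CERT_ONLY = _pem("CERTIFICATE", SAMPLE_DER)
SAMPLE_WITH_KEY = SAMPLE_CERT_ONLY + _pem("PRIVATE KEY", b"constructed-key")

if __name__ == "__main__":
    print(audit_pem_for_rollout(SAMPLE_CERT_ONLY))
```

On a machine that can reach the gateway, `audit_pem_for_rollout(fetch_server_cert_pem("sslvpn.foo.bar"))` audits the live certificate instead of the constructed sample.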
