Hello folks,
I just configured SSLVPN on an ASA 9.8 for the first time - it works as expected. However, users connecting to the ASA get a warning from Cisco AnyConnect: "Security Warning: Untrusted Server Certificate!".
This makes sense as I generated a self-signed certificate on the ASA itself:
fw01-1(config)# crypto key generate rsa label sslvpnkey
fw01-1(config)# crypto ca trustpoint localtrust
fw01-1(config-ca-trustpoint)# enrollment self
fw01-1(config-ca-trustpoint)# fqdn sslvpn.foo.bar
fw01-1(config-ca-trustpoint)# subject-name CN=sslvpn.foo.bar
fw01-1(config-ca-trustpoint)# keypair sslvpnkey
fw01-1(config-ca-trustpoint)# crypto ca enroll localtrust noconfirm
fw01-1(config)# ssl trust-point localtrust OUSIDE_WAN
My idea is to export the certificate from the ASA and roll it out to the clients as a trusted local certificate. However, I don't see any certificates, trustpoints etc. in ASDM or on the CLI:
fw01-1# show crypto ca trustpoints
fw01-1# show crypto ca certificates
(above commands don't give any output)
What am I doing wrong?
Thanks in advance!