Core issue
The RSA keys that are needed for secure shell (SSH) access to the device do not appear in the configuration. The cryptochecksum is all zeros in the output of the show run command, and there is no output from the show ca mypubkey rsa command.
When you issue the write memory all command from the system context, the Firewall Services Module (FWSM) indicates that the command has failed.
Resolution
Issue the write memory and ca save all commands on the active FWSM. The saved configurations and RSA keys can be checked with the show start and show ca mypubkey rsa commands.
Note: The all option for the write memory command in FWSM is introduced in version 3.1(1).
The general purpose key is generated when the ca generate rsa key command is issued and the encryption key is for SSH. The encryption key does not show up until a user SSHs to the FWSM.