Reference document for quick configuration of a self-signed certificate for WebVPN on an ASA.
Notes:
-The URL for your WebVPN should be used as the fqdn and subject-name in the trustpoint config. If they do not match, you will see name-mismatch errors when you access your WebVPN URL and the certificate is presented.
-This is a self-signed cert. That means the end user's browser has no knowledge of the ASA as a certificate authority, so you have to install the cert the first time it is presented to say that you trust the ASA as a CA. You should only need to install it once.
1. Prepare your ASA:
hostname myasa
domain-name cisco.com
clock set 00:00:00 1 Jan 2010
clock timezone EST -5
2. Get to creating the certificate:
crypto key generate rsa label sslvpnkeypair modulus 1024
crypto ca trustpoint self
enroll self
fqdn myasa.cisco.com
subject-name CN=myasa.cisco.com
keypair sslvpnkeypair
crypto ca enroll self noconfirm
3. Apply the new certificate:
ssl trust-point self outside
4. Save the config:
write mem
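
A pre-deployment check of the steps above, as an added example that is not part of the original document: it parses the trustpoint commands and confirms that the fqdn and subject-name CN match the WebVPN URL, that the keypair exists, and that the trustpoint is bound with `ssl trust-point`. The function name, the finding codes, and the 2048-bit RSA threshold are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

MIN_RSA_BITS = 2048  # assumption of this example, not a value from the page
# Constructed sample: the commands from steps 2 and 3 of this page.
SAMPLE_CONFIG = """crypto key generate rsa label sslvpnkeypair modulus 1024
crypto ca trustpoint self
enroll self
fqdn myasa.cisco.com
subject-name CN=myasa.cisco.com
keypair sslvpnkeypair
crypto ca enroll self noconfirm
ssl trust-point self outside
"""

def audit_webvpn_cert(config, webvpn_url):
    """Return (code, detail) findings for the trustpoint bound to SSL."""
    host = (urlsplit(webvpn_url).hostname or "").lower()
    keys, trustpoints, bound, current = {}, {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"crypto key generate rsa label (\S+) modulus (\d+)", line):
            keys[m[1]], current = int(m[2]), None
        elif m := re.match(r"crypto ca trustpoint (\S+)$", line):
            current = trustpoints.setdefault(m[1], {})
        elif m := re.match(r"ssl trust-point (\S+)", line):
            bound.append(m[1]); current = None
        elif current is not None and (m := re.match(r"(enroll|fqdn|subject-name|keypair) (.+)$", line)):
            current[m[1]] = m[2].strip()   # sub-command of the open trustpoint
        else:
            current = None                 # any other command closes the trustpoint
    findings = []
    if not bound:
        findings.append(("unbound", "no 'ssl trust-point' command found"))
    for name in bound:
        tp = trustpoints.get(name)
        if tp is None:
            findings.append(("missing-trustpoint", name))
            continue
        cn = re.search(r"(?i)\bCN=([^,]+)", tp.get("subject-name", ""))
        cn = cn[1].strip().lower() if cn else ""
        if tp.get("fqdn", "").lower() != host:
            findings.append(("fqdn-mismatch", f"{tp.get('fqdn')} != {host}"))
        if cn != host:
            findings.append(("cn-mismatch", f"{cn} != {host}"))
        bits = keys.get(tp.get("keypair"))
        if bits is None:
            findings.append(("missing-keypair", str(tp.get("keypair"))))
        elif bits < MIN_RSA_BITS:
            findings.append(("weak-key", f"{bits}-bit RSA < {MIN_RSA_BITS}"))
    return findings
```

Run against the commands on this page with the URL `https://myasa.cisco.com/`, the names all match and the only finding is the 1024-bit modulus, which falls below the example's threshold.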