12-21-2015 07:00 PM
Hi All,
I have a case with a self-signed certificate on an ASA.
Based on a tutorial in this forum, I applied this config:
1. Prepare your ASA:
    hostname vpn
    domain-name mydomain.com
2. Get to creating the certificate:
    crypto key generate rsa label sslvpnkeypair modulus 1024
    crypto ca trustpoint self
     enroll self
     fqdn vpn.mydomain.com
     subject-name CN=vpn.mydomain.com
     keypair sslvpnkeypair
    crypto ca enroll self noconfirm
3. Apply the new certificate:
    ssl trust-point self outside
4. Save the config:
    write mem
But unfortunately, I'm still having a problem with the certificate.
Below is the screenshot.
Any ideas for this case?
Thanks in advance.
12-22-2015 07:10 AM
This is normal.
Your browser will not automatically trust certificates signed by the ASA.
If you download the certificate (using the browser tool) and install it locally in your computer's trusted root certificate authority store (and the fqdn you used resolves to the ASA interface), you will no longer get that message.
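The behaviour described in the reply above, reproduced offline with openssl as an added example (not part of the original thread): a locally generated self-signed certificate stands in for the ASA's, using the FQDN from the posted trustpoint. The temporary paths, the 2048-bit lab key and the second hostname gw.mydomain.com are constructed for the demonstration.

```shell
#!/bin/sh
# Lab stand-in for the ASA identity certificate. The FQDN is the one from the
# post's trustpoint; the key and certificate are generated locally (constructed).
FQDN="vpn.mydomain.com"
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
CERT="$WORK/asa.pem"

make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$FQDN" \
        -keyout "$WORK/key.pem" -out "$CERT" 2>/dev/null
}

# Self-signed: subject and issuer names hash to the same value.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Chain validation against the default roots, or with $2 added as a trust anchor.
chain_ok() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
    else
        openssl verify "$1" 2>&1 | grep -q ': OK$'
    fi
}

# Name check: the name typed into the browser must match the certificate.
name_ok() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

make_selfsigned
is_self_signed "$CERT"            && echo "self-signed: yes"
chain_ok "$CERT"                  || echo "default trust store: rejected"
chain_ok "$CERT" "$CERT"          && echo "cert imported as a root: accepted"
name_ok "$CERT" "$FQDN"           && echo "$FQDN: name matches"
name_ok "$CERT" "gw.mydomain.com" || echo "gw.mydomain.com: name mismatch"
```

Both conditions have to hold on the client: the certificate must chain to a trusted anchor, and the name used to reach the ASA must match the certificate.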
12-22-2015 07:17 PM
Hi Marvin,
thank you for your feedback.
After I traced the log file, I found the message "Device selects trust-point ASA-self-signed for client outside:"
and found this answer:
https://supportforums.cisco.com/discussion/12722681/cisco-asa-getting-temp-cert-device-selects-trust-point-asa-self-signed-client
This case is solved.