01-12-2025 01:42 AM
Hi, I have done the steps below and wondered whether the steps are wrong or whether I have missed any step. I get a certification error when trying to authenticate to a standalone FTD 2130 with FDM via AnyConnect (to prevent the untrusted warning popout).
I have created a self-signed cert "TEMP_SELF_SIGNED", bound it to the External Interface, and configured it to authenticate by cert only.
My questions would be as below.
1. Is there a need to import the self-signed cert to the clients' laptops? If yes, I cannot find the "Export" button anywhere, or can it be done by CLI only? Or can it only be done as per the link below? Launch the URL and export the cert first?
2. If the answer to the above questions is "No", from what I see in the help file, it says "Verify that the user is accepting the cert presented by the outside interface should accept it permanently". Does this mean there is no need to import the cert to the clients' PCs manually, and it will be done automatically by the FTD itself? (Attached screenshot)
3. I noticed the error "Certificate authentication is not enabled". Might this be the reason for the failure?
Attached are the txt files containing the output of the commands "show crypto SSL", "show crypto ca certificates" and "show crypto ca trustpoints".
I will attach the screenshot of the certificate error ASAP once I get it; it's something like "Invalid Cert".
Appreciate if someone would help me out with this, thanks.
01-12-2025 03:01 AM
Without going into the discussion of how to make self-signed certs work: A publicly trusted certificate is available for about 20 $/€ per year. Do you think the trouble of implementing a dirty and sub-optimal workaround with self-signed certs is worth it?
01-12-2025 04:04 AM