Certificate question for Clientless SSL on ASA 5520

Unanswered Question
Nov 4th, 2008

Hi,

I'm using Clientless SSL VPN, but am not sure if I am using certificates etc. How can I check?

Do I need to buy any, or can the ASA create them?

Thanks

sadbulali Mon, 11/10/2008 - 08:54

SSL uses digital certificates for authentication. The security appliance creates a self-signed SSL server certificate when it boots; or you can install in the security appliance an SSL certificate that has been issued in a PKI context. For HTTPS, this certificate must then be installed on the client. You need to install the certificate from a given security appliance only once.

Once the "crypto ca server" command executes, the Local CA is generated on the ASA. A self-signed certificate is created and associated with that Local CA on the security appliance when you execute the "no shutdown" command. The self-signed certificate key usage extension has key encryption, key signature, CRL signing, and certificate signing ability.

Digital certificates in SSL VPN:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/webvpn.html#wp1238768

Configuring the Local CA and creating a self-signed certificate:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cert_cfg.html#wp1067517
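A practical way to answer the original "how can I check?" question from a client machine, added here as an example (not code from the thread or from Cisco): fetch the certificate the ASA's HTTPS listener presents and inspect its subject, issuer, validity and key usage. A self-signed certificate has the same subject and issuer DN; a purchased one names the CA as issuer. The host name asa.example.test is a placeholder, and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: inspect the certificate an ASA clientless SSL VPN portal
# presents. Assumes the openssl CLI; asa.example.test is a placeholder host.

# Fetch the leaf certificate sent by the HTTPS listener on $1, as PEM, into $2.
fetch_server_cert() {
    host="$1"; out="$2"
    # -servername sets SNI; </dev/null closes stdin so s_client exits after the handshake
    openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$out"
}

# Print the fields that show what kind of certificate this is, then return
# 0 if it is self-signed (issuer DN == subject DN) and 1 otherwise.
describe_cert() {
    pem="$1"
    subject=$(openssl x509 -in "$pem" -noout -subject)
    issuer=$(openssl x509 -in "$pem" -noout -issuer)
    echo "$subject"
    echo "$issuer"
    openssl x509 -in "$pem" -noout -dates
    # Key usage extension (the ASA self-signed cert carries signing/encipherment bits)
    openssl x509 -in "$pem" -noout -text | grep -A1 'X509v3 Key Usage' || true
    # Strip the "subject="/"issuer=" prefixes and compare the two DNs
    [ "${subject#subject=}" = "${issuer#issuer=}" ]
}

# Usage: fetch_server_cert asa.example.test /tmp/asa.pem && describe_cert /tmp/asa.pem
```

If describe_cert returns 0, the portal is still using the appliance's own self-signed certificate, which is exactly why the browser shows an untrusted-site warning until that certificate (or a CA-issued replacement) is trusted on the client.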

whiteford Mon, 11/10/2008 - 09:51

Thanks for spending the time to answer my question.

When I use my IE7 browser to connect to https://asaip it asks if I want to connect to this untrusted site. Does this mean that a certificate is in use here, as I have yet to configure anything? I have simply used the ASDM to set this.

I understand I could buy a certificate from VeriSign but am happy using the built-in self-signed certificate.

Thanks
