Certificate question for Clientless SSL on ASA 5520

Nov 4th, 2008

Hi,


I'm using Clientless SSL VPN, but am not sure if I am using certificates etc. How can I check?


Do I need to buy any, or can the ASA create them?


Thanks


sadbulali Mon, 11/10/2008 - 08:54

SSL uses digital certificates for authentication. The security appliance creates a self-signed SSL server certificate when it boots; or you can install in the security appliance an SSL certificate that has been issued in a PKI context. For HTTPS, this certificate must then be installed on the client. You need to install the certificate from a given security appliance only once.

Once the "crypto ca server" command executes, the Local CA is generated on the ASA. A self-signed certificate is created and associated with that Local CA on the security appliance when you execute the no shutdown command. The self-signed certificate key usage extension has key encryption, key signature, CRL signing, and certificate signing ability.


Digital certificates in SSL VPN:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/webvpn.html#wp1238768

Configuring the Local CA and creating a self-signed certificate:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cert_cfg.html#wp1067517

whiteford Mon, 11/10/2008 - 09:51

Thanks for spending the time to answer my question.


When I use my IE7 browser to connect to https://asaip it asks if I want to connect to this untrusted site. Does this mean that a certificate is in use here, as I have yet to configure anything? I have simply used the ASDM to set this.


I understand I could buy a certificate from VeriSign, but am happy using the built-in self-signed certificate.


Thanks

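A practical way to answer both questions in this thread (how to check which certificate the appliance is using, and whether the browser's "untrusted site" prompt means a self-signed one is in play) is to pull the certificate the appliance presents on 443 and inspect it. The script below is an added example written for this page; it is not code from the thread or from Cisco. It uses only the Python standard library: `fetch_peer_cert()` connects to the appliance (the host name and port 443 are assumptions; the ASA is addressed here as `asa.example.net`, a placeholder) and `classify_cert()` reports whether the certificate is self-signed (subject equals issuer, which is what the ASA's boot-time certificate looks like and what makes IE7 warn), who issued it, whether the name matches the host you typed, and whether it is inside its validity window. The two sample certificate dicts are constructed for the example, in the shape that `ssl.SSLSocket.getpeercert()` returns, so the classifier can be exercised without a live appliance.

```python
import socket
import ssl
import sys
import time


def _flatten_name(name):
    """Turn the nested RDN tuples from getpeercert() into an {attribute: value} dict."""
    flat = {}
    for rdn in name:
        for attr, value in rdn:
            flat[attr] = value
    return flat


def _wildcard_match(pattern, host):
    """Match a leftmost-label wildcard such as *.example.net against exactly one extra label."""
    if not pattern.startswith("*."):
        return False
    return host.endswith(pattern[1:]) and host.count(".") == pattern.count(".")


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Return the decoded certificate the appliance presents, even if it is self-signed.

    getpeercert() only decodes a certificate the context trusts, so first pull the PEM
    with verification off, then reconnect trusting exactly that certificate.
    """
    pem = ssl.get_server_certificate((host, port))
    ctx = ssl.create_default_context(cadata=pem)
    ctx.check_hostname = False  # the name is evaluated by classify_cert() instead
    if hasattr(ssl, "VERIFY_X509_PARTIAL_CHAIN"):
        # lets a CA-issued leaf act as its own trust anchor (Python 3.10+)
        ctx.verify_flags |= ssl.VERIFY_X509_PARTIAL_CHAIN
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def classify_cert(cert, host, now=None):
    """Summarise what the presented certificate tells an administrator."""
    now = time.time() if now is None else now
    host = host.lower()
    subject = _flatten_name(cert.get("subject", ()))
    issuer = _flatten_name(cert.get("issuer", ()))
    names = {v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"}
    if "commonName" in subject:
        names.add(subject["commonName"].lower())
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        # subject == issuer is the signature of the ASA's own self-signed certificate
        "self_signed": subject == issuer,
        "issuer": issuer.get("commonName") or issuer.get("organizationName") or "?",
        "name_matches": host in names or any(_wildcard_match(n, host) for n in names),
        "valid_now": not_before <= now <= not_after,
        "days_left": int((not_after - now) // 86400),
    }


# Constructed sample, shaped like getpeercert() output for an ASA self-signed certificate
# (names and dates are made up for this example).
SAMPLE_SELF_SIGNED = {
    "subject": ((("commonName", "asa5520.example.net"),), (("unstructuredName", "asa5520"),)),
    "issuer": ((("commonName", "asa5520.example.net"),), (("unstructuredName", "asa5520"),)),
    "notBefore": "Nov 10 08:54:00 2008 GMT",
    "notAfter": "Nov 10 08:54:00 2018 GMT",
    "serialNumber": "01",
    "version": 3,
}

# Constructed sample of a CA-issued certificate carrying a wildcard SAN.
SAMPLE_CA_ISSUED = {
    "subject": ((("organizationName", "Example Corp"),), (("commonName", "vpn.example.net"),)),
    "issuer": ((("organizationName", "Example Corp"),), (("commonName", "Example Corp Issuing CA"),)),
    "subjectAltName": (("DNS", "vpn.example.net"), ("DNS", "*.example.net")),
    "notBefore": "Jan 15 00:00:00 2008 GMT",
    "notAfter": "Jan 15 00:00:00 2009 GMT",
    "serialNumber": "1A2B",
    "version": 3,
}


if __name__ == "__main__":
    # Usage: python check_asa_cert.py asa.example.net   (placeholder host name)
    target = sys.argv[1] if len(sys.argv) > 1 else "asa.example.net"
    print(classify_cert(fetch_peer_cert(target), target))
```

If the result shows `self_signed: True`, the appliance is serving the certificate it generated itself at boot (or the one tied to its Local CA), which is exactly why a browser that has not imported it warns about an untrusted site; a CA-issued certificate shows the issuer's name instead. `name_matches` is worth watching too: connecting by IP address to a certificate whose subject is the appliance's host name will always trip a browser's name check, even after the certificate itself is trusted.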