Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1915
Views
0
Helpful
4
Replies

Why ASA creates self assigned certificate on each reboot

Go to solution
mahesh18
Level 6
Level 6

‎07-14-2013 11:19 AM - edited ‎03-11-2019 07:12 PM

Hi Everyone,

I noticed

"By default, the security appliance has a self-signed certificate  that is regenerated every time the device is rebooted. We can purchase  your own certificate from vendors, such as Verisign t, or you  can configure the ASA to issue an identity certificate to itself. This  certificate remains the same even when the device is rebooted.

Need to know the reason behind the creation of self assigned certificate on each reboot?

Regards

MAhesh

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎07-14-2013 06:13 PM

Hello Mahesh,

As you mention that's by default and by desing,

That would help us in the case we set a SSL session to the box (Anyconnect, ASDM) as we will not need to go a step further and manually create or generate an SSL certificate,

Why?

Because the firewall will do it automatically, altough if you purchase one from a CA you can overwrite it by installing the certificate and set it as the SSL certificate for any SSL session,

For Networking Posts check my blog at http://laguiadelnetworking.com/

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mahesh18

‎07-15-2013 09:50 AM

It does make setup easier. you can also create a self-signed certificate and make that persistent and associated with your SSL VPN and/or device management.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎07-14-2013 06:13 PM

Hello Mahesh,

As you mention that's by default and by desing,

That would help us in the case we set a SSL session to the box (Anyconnect, ASDM) as we will not need to go a step further and manually create or generate an SSL certificate,

Why?

Because the firewall will do it automatically, altough if you purchase one from a CA you can overwrite it by installing the certificate and set it as the SSL certificate for any SSL session,

For Networking Posts check my blog at http://laguiadelnetworking.com/

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Julio Carvajal

‎07-15-2013 09:39 AM

Thanks Julio

Regards

Mahesh

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mahesh18

‎07-15-2013 09:50 AM

It does make setup easier. you can also create a self-signed certificate and make that persistent and associated with your SSL VPN and/or device management.

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Marvin Rhoads

‎07-15-2013 09:51 AM

Hi Marvin,

Thanks for replying.

Best Regards

Mahesh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card