Cisco Support Community
Community Member

Certificate question for Clientless SSL on ASA 5520


I'm using Clientless SSL VPN, but am not sure if I am using certificates, etc. How can I check?

Do I need to buy any, or can the ASA create them?


Community Member

Re: Certificate question for Clientless SSL on ASA 5520

SSL uses digital certificates for authentication. The security appliance creates a self-signed SSL server certificate when it boots; or you can install in the security appliance an SSL certificate that has been issued in a PKI context. For HTTPS, this certificate must then be installed on the client. You need to install the certificate from a given security appliance only once. Once the "crypto ca server" command executes, the Local CA is generated on the ASA. A self-signed certificate is created and associated with that Local CA on the security appliance when you execute the no shutdown command. The self-signed certificate key usage extension has key encryption, key signature, CRL signing, and certificate signing ability.

Digital certificates in SSL VPN:

Configuring the Local CA and creating Self-Signed Certificate:

Community Member

Re: Certificate question for Clientless SSL on ASA 5520

Thanks for spending the time to answer my question.

When I use my IE7 browser to connect to https://asaip, it asks if I want to connect to this untrusted site. Does this mean that a certificate is in use here, as I have yet to configure anything? I have simply used the ASDM to set this.

I understand I could buy a certificate from VeriSign but am happy using the built-in self certificate.
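One way to check from a workstation what this thread asks, namely whether the certificate an HTTPS endpoint such as the ASA presents is self-signed. This is an added example, not part of the original thread and not Cisco tooling; it assumes the OpenSSL command-line tool (1.1.0 or later), and all function names are made up here.

```shell
#!/usr/bin/env bash
# Added example: classify the certificate an HTTPS endpoint presents.
# Function names are hypothetical; only standard openssl subcommands are used.

# Save the leaf certificate presented by host:port as PEM (needs network).
# Usage: fetch_cert <host> <port> <out.pem>   ("asaip" in the thread = <host>)
fetch_cert() {
  openssl s_client -connect "$1:${2:-443}" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM > "$3"
}

# Print the fields worth comparing with what the appliance itself reports.
describe_cert() {
  openssl x509 -in "$1" -noout -subject -issuer -serial -dates -fingerprint -sha256
}

# Return 0 if the PEM certificate in $1 is self-signed, 1 if it is not,
# 2 if it cannot be parsed. Self-signed means subject == issuer AND the
# signature verifies under the certificate's own public key.
is_self_signed() {
  local subj iss
  subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
  iss=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
  [ "$subj" = "$iss" ] || return 1
  # -no_check_time: an expired self-signed certificate is still self-signed.
  openssl verify -no_check_time -CAfile "$1" "$1" >/dev/null 2>&1 || return 1
}

# Turn the return code into a label for reports.
classify_cert() {
  local rc=0
  is_self_signed "$1" || rc=$?
  case "$rc" in
    0) echo "self-signed" ;;
    1) echo "not-self-signed" ;;
    *) echo "unreadable" ;;
  esac
}

# Typical run against a live endpoint (not executed here):
#   fetch_cert asaip 443 /tmp/asa.pem && describe_cert /tmp/asa.pem
#   classify_cert /tmp/asa.pem
```

A "self-signed" result is consistent with the browser's untrusted-site prompt: a certificate is in use, but no CA the browser trusts has vouched for it.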

