Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

ASA: Self-Signed Certificate for WebVPN

Reference document for quick configuration of self-signed certificate  for WebVPN on an ASA.

Notes:

-The URL for  your webvpn should be used as the fqdn and subject-name in the  trustpoint config. If they do not match, you will see errors about a  mismatch when you access your webvpn URL and the certificate is  presented.

-This is a self-signed cert. That means the end users  browser does not have any knowledge of the ASA as a CA authority. This  means you have to install the cert the first time it is presented to say  you trust the ASA as a CA authority. You should only need to install it  once.

1. Prepare your ASA:

hostname  myasa

domain-name cisco.com

clock set 00:00:00 1 Jan 2010

clock  set timezone EST -5

2. Get to creating the  certificate:

crypto key generate rsa label sslvpnkeypair  modulus 1024

crypto ca trustpoint self

     enroll self

      fqdn myasa.cisco.com

     subject-name CN=myasa.cisco.com

      keypair sslvpnkeypair

crypto ca enroll self noconfirm

3.  Apply the new certificate:

ssl trust-point self outside

4.  Save the config:

write mem

Comments
New Member

Hi Friend,

Thank you for your tutorial to enroll self certificate web VPN ASA.

But after following your step by step instruction, it still doesn't work for me.

I changed the following lines to my own name.

hostname  vpn

domain-name mydomain.com

fqdn vpn.mydomain.com

subject-name CN=vpn.mydomain.com

Any idea for this case ?

thanks in advance.

Cisco Employee

The comments section of this post is not the appropriate place for troubleshooting. Please try the instructions again or if you're still having trouble, open a TAC support case (provide them your config and a description or screenshot of the error you are getting).

26662
Views
5
Helpful
2
Comments