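We will configure a self-signed certificate on a Cisco ASA for AnyConnect (WebVPN).
1. Generate an RSA key for the certificate. The name should be unique. For example, sslvpnkeypair. The 1024-bit modulus shown here is below current recommendations for RSA; the same command accepts modulus 2048.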
ASA-1(config)#crypto key generate rsa label sslvpnkeypair modulus 1024
INFO: The name for the keys will be: sslvpnkeypair
Keypair generation process begin. Please wait…
2. Create a trustpoint for the self-issued certificate.
ASA-1(config)#crypto ca trustpoint self
3. The fully qualified domain name is used for both fqdn and CN. The name should resolve to the ASA outside interface IP address.
ASA-1(config-ca-trustpoint)#enrollment self
ASA-1(config-ca-trustpoint)#fqdn vpn.amolak.net
ASA-1(config-ca-trustpoint)#subject-name CN=vpn.amolak.net
4. The RSA key is assigned to the trustpoint for certificate creation.
ASA-1(config-ca-trustpoint)#keypair sslvpnkeypair
5. Enroll the trustpoint to generate the self-signed certificate, then assign the trustpoint to be used for SSL connections on the outside interface.
ASA-1(config-ca-trustpoint)#crypto ca enroll self noconfirm
% The fully-qualified domain name in the certificate will be: vpn.amolak.net
ASA-1(config)# ssl trust-point self outside
Final Configuration:
crypto key generate rsa label sslvpnkeypair modulus 1024
!
crypto ca trustpoint self
 enrollment self
 fqdn vpn.amolak.net
 subject-name CN=vpn.amolak.net
 keypair sslvpnkeypair
!
crypto ca enroll self noconfirm
!
ssl trust-point self outside
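A consistency check for the steps above, added here as an example (not part of the original page and not Cisco tooling). It reads a command list in the form of this page's final configuration and reports a CN/fqdn mismatch, a missing or small key pair, a trustpoint that was never enrolled, and an ssl trust-point line naming an undefined trustpoint. The function name audit and the MIN_MODULUS threshold are assumptions.

```python
import re

# Constructed sample: the command list from this page's final configuration.
SAMPLE = """\
crypto key generate rsa label sslvpnkeypair modulus 1024
!
crypto ca trustpoint self
 enrollment self
 fqdn vpn.amolak.net
 subject-name CN=vpn.amolak.net
 keypair sslvpnkeypair
!
crypto ca enroll self noconfirm
!
ssl trust-point self outside
"""

MIN_MODULUS = 2048  # assumption: smallest RSA modulus this audit accepts


def audit(config):
    """Return a list of findings for the self-signed trustpoint setup."""
    findings = []
    keys = {m[1]: int(m[2]) for m in re.finditer(
        r"^crypto key generate rsa label (\S+) modulus (\d+)", config, re.M)}
    # A trustpoint block is its header line plus the indented sub-commands.
    tps = {}
    for m in re.finditer(r"^crypto ca trustpoint (\S+)\n((?: .*\n?)*)", config, re.M):
        subs = [l.strip() for l in m[2].splitlines()]
        tps[m[1]] = dict(s.split(None, 1) for s in subs if " " in s)
    for name, tp in tps.items():
        cn = re.search(r"CN=([^,\s]+)", tp.get("subject-name", ""))
        if not cn or cn[1].lower() != tp.get("fqdn", "").lower():
            findings.append(f"{name}: fqdn and CN differ")
        kp = tp.get("keypair")
        if kp not in keys:
            findings.append(f"{name}: keypair {kp} not generated in this config")
        elif keys[kp] < MIN_MODULUS:
            findings.append(f"{name}: keypair {kp} is {keys[kp]} bits (< {MIN_MODULUS})")
        if not re.search(rf"^crypto ca enroll {re.escape(name)}\b", config, re.M):
            findings.append(f"{name}: trustpoint never enrolled")
    for m in re.finditer(r"^ssl trust-point (\S+) (\S+)", config, re.M):
        if m[1] not in tps:
            findings.append(f"interface {m[2]}: ssl trust-point {m[1]} is undefined")
    return findings
```

Calling audit(SAMPLE) on the page's commands returns a single finding, for the 1024-bit key pair.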