I have been doing some troubleshooting with ASDM being unable to connect to the ASA due to an invalid certificate. If you have the same issue, these are the steps you can take to resolve it.

Step 1: Zeroize the DEFAULT RSA key pair (the one behind the default certificate) on the ASA

Use the following command:

crypto key zeroize RSA default noconfirm

Step 2: Generate a new RSA key pair. Ensure you have a hostname and domain name configured on the ASA first (see https://www.cisco.com/c/en/us/support/docs/security/vpn-client-tools/220282-install-and-renew-certificates-on-asa-ma.html).

crypto key generate RSA label SELF-SIGNED-KEYPAIR modulus 2048
show crypto key mypubkey rsa

Step 3: Create a trustpoint with a specific name, set the enrollment type to self, and bind it to the FQDN and the key pair from Step 2.

crypto ca trustpoint SELF-SIGNED
enrollment self
fqdn abc.example.com
keypair SELF-SIGNED-KEYPAIR

Step 4: Enroll the trustpoint to generate the self-signed certificate, then verify it.

crypto ca enroll SELF-SIGNED
show crypto ca certificates SELF-SIGNED

Step 5: Reconfigure the ASA to use the new trustpoint instead of the old one.

ssl trust-point SELF-SIGNED

Finally, validate the change with the show running-config ssl command.
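As an added example (not part of the original post), a stdlib-only Python check to run from the ASDM workstation after Step 5: it fetches the certificate the ASA now presents, records its SHA-256 fingerprint, and then opens a TLS session that trusts only the exported SELF-SIGNED certificate and requires the FQDN from Step 3 to match. The management address, the exported PEM and the fingerprint you recorded are inputs you supply; the export command named in the comment is an assumption, not from the post.

```python
"""Workstation-side validation of the ASA's new self-signed certificate."""
import hashlib
import socket
import ssl

# FQDN from Step 3. The trusted PEM is the certificate exported from the ASA
# over the console (assumed command: crypto ca export SELF-SIGNED
# identity-certificate), obtained out of band, not over the TLS session
# being validated.
ASA_FQDN = "abc.example.com"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate as colon-separated uppercase hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Make recorded and computed fingerprints comparable (case, colons, spaces)."""
    return fp.replace(":", "").replace(" ", "").upper()


def fetch_asa_cert(host: str, port: int = 443) -> bytes:
    """Fetch the certificate the ASA presents without trusting it (record step)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def pinned_context(trusted_pem: str) -> ssl.SSLContext:
    """Trust only the exported ASA certificate and enforce the hostname check."""
    ctx = ssl.create_default_context(cadata=trusted_pem)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def verify_asa(host: str, trusted_pem: str, expected_fp: str, port: int = 443) -> bool:
    """True only if the presented cert matches the recorded fingerprint and
    completes a verified handshake (chain + FQDN) against the pinned PEM."""
    if normalize(fingerprint(fetch_asa_cert(host, port))) != normalize(expected_fp):
        return False
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with pinned_context(trusted_pem).wrap_socket(sock, server_hostname=ASA_FQDN):
                return True
    except ssl.SSLError:
        return False
```

Call fetch_asa_cert once on the console-verified ASA to record the fingerprint, then use verify_asa on later connections; a False result means the certificate or the name the ASA presents no longer matches what you enrolled.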
