- Open up PowerShell-
$rootcert = New-SelfSignedCertificate -Type Custom `
-Subject "CN=ASARoot" `
-KeyExportPolicy Exportable `
-KeySpec Signature `
-HashAlgorithm sha256 `
-KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-KeyUsageProperty Sign `
-KeyUsage CertSign
- Run MMC, add the Certificates snap-in for the user account, go to Personal, export the certificate, answer no to exporting the private key, pick Base-64 encoded, save the file.
- Log into ASA-
MyASA(config)# crypto ca trustpoint ASACERT
MyASA(config-ca-trustpoint)# no ca-check
MyASA(config-ca-trustpoint)# enrollment terminal
MyASA(config-ca-trustpoint)# no id-usage
MyASA(config-ca-trustpoint)# exit
MyASA(config)# crypto ca authenticate ASACERT
- Log into ASDM, go to Network (Client) Access, AnyConnect Connection Profiles, select the profile and click Edit, set authentication to certificate only.
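
The MMC export step can also be scripted, with a check that the saved file carries no private key. This is an added example, not part of the original notes; it assumes the certificate from the first step is still in Cert:\CurrentUser\My with subject CN=ASARoot, and the output path is a placeholder.

```powershell
# Added example: scripted equivalent of the MMC "export, no private key, Base-64" step.
# Assumptions: subject CN=ASARoot in Cert:\CurrentUser\My; $outFile is a placeholder path.
$subject = 'CN=ASARoot'
$outFile = Join-Path $env:TEMP 'ASARoot.cer'

# Refuse to guess if repeated runs left several certificates with the same subject.
$found = @(Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Subject -eq $subject })
if ($found.Count -ne 1) {
    throw "Expected exactly one certificate with subject $subject, found $($found.Count)."
}
$cert = $found[0]

# RawData is the DER-encoded certificate only; the private key is never part of it.
$b64   = [Convert]::ToBase64String($cert.RawData)
$lines = $b64 -split '(.{64})' | Where-Object { $_ }   # wrap at 64 characters
$pem   = @('-----BEGIN CERTIFICATE-----') + $lines + @('-----END CERTIFICATE-----')
Set-Content -Path $outFile -Value $pem -Encoding Ascii

# Round-trip check: reload the file and confirm it is the same certificate
# and that no private key came along with it.
$check = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($outFile)
if ($check.Thumbprint -ne $cert.Thumbprint) {
    throw 'Exported file does not match the certificate in the store.'
}
if ($check.HasPrivateKey) {
    throw 'Exported file unexpectedly contains a private key.'
}

# Summary to compare against what the ASA shows after import.
$keyUsage = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    KeyUsage   = $keyUsage.KeyUsages
    File       = $outFile
}
```

The contents of the saved file are the Base-64 text to paste when the trustpoint is set to enrollment terminal.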