Cisco ASA Anyconnect Self Signed Certificate

This topic is to discuss the following lesson:

Is there any chance we could get a guide for importing certs from a certificate authority?

Hello Chris

That sounds like a great idea. I suggest you go to the Member Ideas section of the site and post a suggestion to have the topic added.

I hope this has been helpful!


I already try the configuration on the Anyconnect self-signed certificate , but I already get no valid certificate available for authentication. When I write the command sh crypto ssl the result is :

SSL trust-points:
  Self-signed (RSA 2048 bits RSA-SHA256) certificate available
  Self-signed (EC 256 bits ecdsa-with-SHA256) certificate available
  Interface outside: SELF_TRUSTPOINT (RSA 1024 bits RSA-SHA1)
Certificate authentication is not enabled

does this error has to do with Certificate authentication is not enable message?

Hello Alvaro

The “no valid certificate available for authentication” error message usually indicates that the client does not have a valid certificate that can be used for authentication. To resolve this issue, you will need to ensure that the client has a valid certificate that meets the requirements of the server. Some things you can check include the following:

  • Have you imported the certificate to the user’s computer successfully?
  • What kind of error message do you receive on the client’s screen?
  • Are there any other indications on the ASA of the attempted connection to ASA?
  • Do you get the same output as in the lesson for the show crypto ca certificates command?

Now the “Certificate authentication is not enabled” error seems to indicate that certificate-based authentication is not configured or enabled on the device. Here you can check to see if the ssl trust-point command is configured correctly.

Let us know your results so that we can help you further.

I hope this has been helpful!