KB ID 0001616
I got an email about this last night, I rarely ever use the ASA as a Local CA, But that has now been completely depreciated, (post version 9.12(x)) The documentation tells us;
Local CA server is deprecated in 9.12(1), and will be removed in a later release—When ASA is configured as local CA server, it is enabled to issue digital certificates, publish Certificate Revocation Lists (CRLs), and securely revoke issued certificates. This feature has become obsolete and hence the crypto CA server command is deprecated.
OK, so if you want to ‘self sign’ certificates then you can use Microsoft Certificate Services.
Setting up Microsoft Certificate Services is a subject I’ve ‘done to death’ see the following article;
What about user/computer certificates? See the following article.
Can I automate this? Yes use NDES.
Related Articles, References, Credits, or External Links