Digital Certificates

By default, a digital certificate is required to be used by the ASA acting as an SSL VPN server. It uses a self-signed digital certificate by default. In most production environments, the company applies for and implements a digital certificate signed by a well-known public key infrastructure (PKI) server so that clients connecting will also trust that common certificate authority (CA) server and not receive a warning about an unknown certificate. Also on the page shown in Figure 8-2, you indicate the URL that customers could use that would associate them with the correct group. For example, you may have many different SSL VPN groups, with different rights and different users as members of those groups, and handing out the correct URLs to use could make it easier for the initial connection. Another option that is available is to display all the groups from a drop-down list, from which the user could choose which group to connect to. From this page, click Next to continue.