Installing a Certificate Using Self-Signed Enrollment

Procedure

Step 1	On the Devices > Certificates screen, choose Add to open the Add New Certificate dialog.
Step 2	Choose a device from the Device drop-down list.
Step 3	Associate a certificate enrollment object with this device in one of the following ways: Choose a Certificate Enrollment Object of the type Self-Signed from the drop-down list. Click (+), to add a new Certificate Enrollment Object, see Adding Certificate Enrollment Objects.
Step 4	Press Add to start the Self Signed, automatic, enrollment process. For self signed enrollment type trustpoints, the CA Certificate status will always be displayed, since the managed device is acting as its own CA and does not need a CA certificate to generate its own Identity Certificate. The Identity Certificate will go from InProgress to Available as the device creates its own self signed identity certificate.
Step 5	Click the magnifying glass to view the self-signed Identity Certificate created for this device.

What to do next

When enrollment is complete, a trustpoint exists on the device with the same name as the certificate enrollment object. Use this trustpoint in the configuration of your Site to Site and Remote Access VPN Authentication Method