1-6
Cisco ASA Series CLI Configuration Guide
 
Chapter 1      Configuring Clientless SSL VPN
  Clientless SSL VPN Server Certificate Verification
Figure 1-2 Same URL Rewritten by Security Appliance and displayed on the Browser Window
Disabling URL Entry on the Portal Page
The portal page is the page that opens when the user establishes a browser-based connection. Follow 
these steps to disable the URL entry on the portal page.
Prerequisites
• Configure a group policy for all users who need clientless SSL VPN access, and enable clientless 
SSL VPN only for that group policy.
Detailed Steps
Clientless SSL VPN Server Certificate Verification
When connecting to a remote SSL-enabled server through clientless SSL VPN, it is important to know 
that you can trust the remote server, and that it is in fact the server you are trying to connect to. ASA 9.0 
introduces support for SSL server certificate verification against a list of trusted certificate authority 
(CA) certificates for clientless SSL VPN.
When you connect to a remote server via a web browser using the HTTPS protocol, the server will 
provide a digital certificate signed by a CA to identify itself. Web browsers ship with a collection of CA 
certificates which are used to verify the validity of the server certificate. This is a form of public key 
infrastructure (PKI). 
Just as browsers provide certificate management facilities, so does the ASA in the form of trusted 
certificate pool management facility: trustpools. This can be thought of as a special case of trustpoint 
representing multiple known CA certificates. The ASA includes a default bundle of certificates, similar 
to that provided with web browsers, but it is inactive until activated by the administrator by issuing the 
crypto ca import default command.
Command Purpose
Step 1
webvpn
Switches to group policy webvpn configuration 
mode.
Step 2
url-entry
Controls the ability of the user to enter any 
HTTP/HTTP URL.
Step 3
(Optional) url-entry disable
Disables URL entry.