Why my ASA presents a self signed certificate?
This issue presents itself when an RSA keypair is used with the certificate.
On ASA versions from 9.4(1) onwards, all the ECDSA and RSA ciphers are enabled by default and the strongest cipher (usually an ECDSA cipher) will be used for negotiation.
If this happens, the ASA presents a Self-Signed certificate instead of the currently configured RSA-based certificate. There is an enhancement in place to change the behaviour when an RSA-based certificate is installed on an interface and is tracked by Cisco bug ID CSCuu02848.
How to fix it: Disable ECDSA ciphers with these CLI commands:
ssl cipher tlsv1.2 custom "AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA"
