Self Signed Certs for Network Equipment
So our project recently had a security audit and we got dinged for having self signed certs for remote management access to some of our ASA's. We either have to get certs for them or justify why it's ok for us to run with self signed certs. We manage the ASA's ourselves and have firewall rules in place to minimize where management traffic can come from. The main concern in the audit findings is the possibility of a MITM attack. Additionally there is no DNS so we access the ASA's by their IP's and the CN for the certs is the IP of the ASA.
My question is whether or not there is a way for us to verify that the cert being presented to us when we remotely access our devices is in fact the cert on our ASA. Would this be something as simple as manually verifying the thumbprint of the Cert when accessing the device? I'm relatively new to any type of cert administration so any help would be appreciated.