I was a bit surprised to see "the ASA does not permit communication with sites that have invalid certificates." Does that mean if an internal web server has a self-signed cert, then the ASA will not allow the client to access it?

One of the major benefits of Clientless SSL VPN is it lessens the need for an internal CA and Certs for each service. So I don't understand why the ASA would be so strict about this.