Renewing SSL certificate on ASA for VPN (2048 bit, versus 1024)

Status
Not open for further replies.

hinesjrh

MIS
Jan 4, 2005
260
US
I have an SSL certificate on my ASA 5520 (running 8.3(2) code) that is expiring soon. My current certificate that was installed a few years ago was created with a key pair bit size of 1024. My certificate authority will only issue certs now with a minimum key pair bit size of 2048. Via the ASDM the only way I can see to renew this certificate is to generate a 'new' identity certificate so I can create the CSR with a 2048 bit size, but in doing so it seems to force me to enter a new key pair name, saying the current one (with the 1024 bit size) already exists. How can I create a CSR with a 2048 bit size and yet keep the same key pair name? Are any of you aware of Cisco documentation that addresses this?
 
I think you would have to delete the existing key pair if you want to use the same name. It would be easier just to create a new pair, then re-assign the trustpoint once you have the new cert ready.

This is what I did recently. Once you have the new cert in place, go to Device Management - Advanced - SSL Settings; here you can edit where the trustpoints are assigned.
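
The same procedure from the ASA command line, as an added example that is not part of the original posts. The key pair label `vpn-key-2048`, the trustpoint name `vpn-cert-2048`, the subject `vpn.example.com` and the interface name `outside` are placeholders chosen for illustration; substitute your own values.

```cisco
! Added example: renew the VPN certificate under a NEW 2048-bit key pair
! and a NEW trustpoint, leaving the expiring 1024-bit one in service
! until the replacement is installed. All names are placeholders.

! 1. Generate the 2048-bit RSA key pair under a new label
crypto key generate rsa label vpn-key-2048 modulus 2048

! 2. Create a new trustpoint bound to that key pair
crypto ca trustpoint vpn-cert-2048
 enrollment terminal
 subject-name CN=vpn.example.com
 fqdn vpn.example.com
 keypair vpn-key-2048
 exit

! 3. Produce the CSR; the PKCS#10 request is printed to the terminal
!    for submission to the certificate authority
crypto ca enroll vpn-cert-2048

! 4. When the CA returns the certificate, load the CA certificate
!    and then the identity certificate (each is pasted in base64)
crypto ca authenticate vpn-cert-2048
crypto ca import vpn-cert-2048 certificate

! 5. Confirm the key size and the certificate validity dates
show crypto key mypubkey rsa
show crypto ca certificates vpn-cert-2048

! 6. Re-assign the SSL trustpoint on the VPN-facing interface
!    (the CLI counterpart of the ASDM SSL Settings page)
ssl trust-point vpn-cert-2048 outside
```

Because the old trustpoint and key pair are untouched until step 6, the existing certificate keeps serving clients while the CA processes the request, and the change can be reverted by pointing `ssl trust-point` back at the old trustpoint.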



 