topic Assuming you're using a self in Network Security

ASDM ssl key size for http server

mhall — Tue, 26 Mar 2019 00:54:45 GMT

All,

question - my understanding was that the ASDM/GUI uses the general public key to generate it's ssl cert - e.g.

when browsing to the ASA for https:// ASDM access -

customer would like to change the ssl cert from 1024 bits 2048.

any ideas how I do that?

I changed the default public key to 2048 - e.g.

"crypto key generate rsa general-keys modulus 2048"

then disabled and re-enabled ASDM via

"no http server enable " and "http server enable"

when I access the asdm webpage still seeing a 1024 bit cert for it...

Thanks,

Assuming you're using a self

Marvin Rhoads — Tue, 20 Jan 2015 18:57:37 GMT

Assuming you're using a self-signed identity certificate here, you need to add a new identity certificate and specify that it uses the new 2048-bit key.

Something like this:

crypto key generate rsa label 2048-bit-rsakey modulus 2048 noconfirm

crypto ca trustpoint ASDM_TrustPoint2
revocation-check none
keypair 2048-bit-rsakey
id-usage ssl-ipsec
no fqdn
subject-name CN=<your ASA common name>
enrollment self
crypto ca enroll ASDM_TrustPoint2 noconfirm

You can then delete the old identity certificate.