https://community.cisco.com/t5/network-security/backup-restore-keys/m-p/1716590#M537270 <HTML><HEAD></HEAD><BODY><P>asa1# sh crypto key mypubkey rsa </P><P>Key name: blah</P><P> Usage: General Purpose Key</P><P> Modulus Size (bits): 2048</P><P> Key Data:</P><P>.....</P><P>asa1#conf t</P><P>asa1(config)# crypto ca export blah identity-certificate</P><P>ERROR: The trustpoint does not exist</P><P></P><P></P><P><span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P></BODY></HTML> Mon, 27 Jun 2011 04:57:28 GMT Gordon Ross 2011-06-27T04:57:28Z https://community.cisco.com/t5/network-security/backup-restore-keys/m-p/1716588#M537267 <P>How do you backup &amp; restore the crypto keys on an ASA ?</P><P></P><P>GTG</P> Mon, 11 Mar 2019 20:50:58 GMT https://community.cisco.com/t5/network-security/backup-restore-keys/m-p/1716588#M537267 Gordon Ross 2019-03-11T20:50:58Z https://community.cisco.com/t5/network-security/backup-restore-keys/m-p/1716589#M537269 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>You can use the "crypto ca export/import" commands to export and restore crypto keys.</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c5.html#wp2224326">http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c5.html#wp2224326</A></P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c5.html#wp2224488">http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c5.html#wp2224488</A></P><P></P><P>Hope this helps.</P></BODY></HTML> Sun, 26 Jun 2011 22:48:11 GMT https://community.cisco.com/t5/network-security/backup-restore-keys/m-p/1716589#M537269 Allen P Chen 2011-06-26T22:48:11Z https://community.cisco.com/t5/network-security/backup-restore-keys/m-p/1716590#M537270 <HTML><HEAD></HEAD><BODY><P>asa1# sh crypto key mypubkey rsa </P><P>Key name: blah</P><P> Usage: General Purpose Key</P><P> Modulus Size (bits): 2048</P><P> Key Data:</P><P>.....</P><P>asa1#conf t</P><P>asa1(config)# crypto ca export blah identity-certificate</P><P>ERROR: The trustpoint does not exist</P><P></P><P></P><P><span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P></BODY></HTML> Mon, 27 Jun 2011 04:57:28 GMT https://community.cisco.com/t5/network-security/backup-restore-keys/m-p/1716590#M537270 Gordon Ross 2011-06-27T04:57:28Z https://community.cisco.com/t5/network-security/backup-restore-keys/m-p/1716591#M537271 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I apologize for the confusion, I thought your keys were associated with a trustpoint already.&nbsp; On the ASA, you will not be able to keys directly.&nbsp; You will need to put your rsa key into a trustpoint first.&nbsp; You can then export the certificates + key in a pkcs12 and then extract the key from it using something like openssl.</P><P></P><P>For example, I have created a key on my ASA called testkey and have exported it below: </P><P></P><P>GENERTATING KEY... </P><P></P><P>asa(config)#&nbsp; crypto key generate rsa label testkey mod 1024 </P><P></P><P>MAKING DUMMY TRUSTPOINT... </P><P></P><P>asa(config)#&nbsp; crypto ca trust dummy </P><P>asa(config-ca-trustpoint)# keypair testkey </P><P></P><P>EXPORTING KEY... </P><P></P><P>asa(config)# crypto ca export dummy pkcs12 cisco123 </P><P></P><P>WARNING: Temporary self-signed certificate is being generated to export the keypair since an associated ID certificate is not available. </P><P></P><P>Hope this helps.</P></BODY></HTML> Mon, 27 Jun 2011 17:37:54 GMT https://community.cisco.com/t5/network-security/backup-restore-keys/m-p/1716591#M537271 Allen P Chen 2011-06-27T17:37:54Z