
Change CA certificate only on SSLM

howiesonb
Level 1

Hi

We have recently received a new intermediate CA from our vendor and I was wondering if it is possible to insert this into the existing trustpoint without having to remove any config. I know I can export the chain with the intermediate CA, RSA key and server cert, amend the intermediate CA and paste the chain back in, but was hoping to be able to change the intermediate "on the fly", so to speak.

Thanks

Barry


pablo.nxh
Level 3

Hi Barry,

It's been a while since the last time I got my hands on an SSLM, but I think this procedure should help =)

1- Go to the SSLM and look for the serial number of the old CA:

SSLM-1#show crypto ca certificate

Certificate

  Status Available

  Certificate Serial Number: 759FD8F9B32200D70A01F10D5C0166

2- SSLM-1 (config)#crypto ca certificate chain my_trustpoint


3- SSLM-1 (config-cert-chain)#no certificate 759FD8F9F9B32200D70A01F10D5C0166
Are you sure you want to remove the certificate? [yes/no]: y

%The certificate has been deleted/unassociated for trustpoint my_trustpoint

4- SSLM-1 (config-cert-chain)#exit

%STE-6-PKI_CERT_ROLLOVER_BEGIN: The process of rolling over the certificate without the sudden loss of services has begun for the proxy service: mycommnet

5- SSLM-1(config)#crypto ca import my_trustpoint certificate

copy and paste your new cert

HTH
Pablo
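
Step 3 only removes the right certificate if the serial typed there matches the one shown in step 1 character for character (as printed above, the two differ by one byte pair). The following is an added example, not part of the reply: it checks a typed serial against saved `show crypto ca certificate` output before building the `no certificate` line. The output layout is assumed from the excerpt above, and the serials and function names are constructed for illustration.

```python
import difflib
import re

# Constructed sample, laid out like the excerpt in the reply above; serials are made up.
SAMPLE_SHOW_OUTPUT = """\
Certificate
  Status Available
  Certificate Serial Number: 0A1B2C3D4E5F60718293A4B5C6D7E8
CA Certificate
  Status Available
  Certificate Serial Number: 11223344556677889900AABBCCDDEE
"""

SERIAL_RE = re.compile(r"^\s*Certificate Serial Number:\s*([0-9A-Fa-f]+)\s*$")


def parse_serials(show_output):
    """Return [(section heading, serial)] from saved 'show crypto ca certificate' text."""
    found, heading = [], None
    for line in show_output.splitlines():
        m = SERIAL_RE.match(line)
        if m:
            found.append((heading, m.group(1).upper()))
        elif line.strip() and not line[0].isspace():
            heading = line.strip()  # an unindented line starts a new certificate section
    return found


def removal_command(show_output, typed_serial):
    """Build the 'no certificate' line only if typed_serial appears in the output."""
    typed = typed_serial.strip().upper()
    serials = [s for _, s in parse_serials(show_output)]
    if typed in serials:
        return "no certificate " + typed
    # Point at the nearest real serial so a copy error is easy to spot.
    near = difflib.get_close_matches(typed, serials, n=1, cutoff=0.8)
    hint = " (closest in output: %s)" % near[0] if near else ""
    raise ValueError("serial %s not found in show output%s" % (typed, hint))


if __name__ == "__main__":
    print(parse_serials(SAMPLE_SHOW_OUTPUT))
    print(removal_command(SAMPLE_SHOW_OUTPUT, "11223344556677889900aabbccddee"))
    try:
        # Same serial with one byte pair doubled, a typical copy error.
        removal_command(SAMPLE_SHOW_OUTPUT, "1122334455556677889900AABBCCDDEE")
    except ValueError as err:
        print("refused:", err)
```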
