We are working in a project to migrate from Cisco ACE to a new platform. We need to export certificates and keys from the Cisco ACE. We have issues with some keys, as they can only be exported encrypted and we cannot recover all passwords.
All private keys involved are marked exportable, as displayed when I execute "show crypto file"
Is there a way to extract the key files in a usable format? Extracting the key or removing the key are both suitable options.
Using "crypto export keyname terminal", keys are displayed in pem format, but with a (sometimes) unrecoverable key.
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,
<snip>
-----END RSA PRIVATE KEY-----
The ACE must be aware of the password, else it would not be able to use the key after a reboot.