Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
881
Views
5
Helpful
3
Replies

Associated Trustpoints question when installing identity certificate via ASDM

faghouri83
Level 1
Level 1

‎07-16-2018 03:14 AM - edited ‎02-21-2020 07:59 AM

Hi everyone

 

Im upgrading the firewall hardware. I saved the identity certificates from the old firewall and then I took a screenshot of the ASDM which has the identity certificate information. 

 

I then realised that one of the certificates has more than one associated trustpoint in the screenshot. I can see one trustpoint then a comma and then i cant completely read the second associated trustpoint. 

 

I no longer have access to the ASDM but i can get hold of the config file. I want to try to add the identity certifiacte via the ASDM as i'm more comfortable with it. 

 

My question is, is there any way i can find out what the second associated trustpoint is from the config file? If i can, is it possible to just add the ID cert via ASDM by entering the certificate name as the two associated trustpoints separated by a comma? 

 

thanks 

Labels:
0 Helpful
3 Replies 3

Dennis Mink
VIP Alumni
VIP Alumni

‎07-16-2018 06:49 AM

what are you using the certs for? just for ASDM? 

 

also, exporting the cert is not enough, you will need to export the private and public RSA keys as well.

 

imho, you will ne better off generating new keys and subsequent cers

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

faghouri83
Level 1
Level 1
In response to Dennis Mink

‎07-16-2018 07:22 AM

Hi Dennis

 

When you save the identity certificate from the old firewall isnt the rsa key included?

 

the certificate will be used for remote access vpn

 

 

thanks

 

 

0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni
In response to faghouri83

‎07-16-2018 01:45 PM

NO, saving a cert is not the same as saving key, those are two distinctly different things.

 

however,

 

try this:

 

https://www.fragmentationneeded.net/2015/04/exporting-rsa-keys-from-cisco-asa.html

 

the PKCS does include the private key.

Please remember to rate useful posts, by clicking on the stars below.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card