07-16-2018 03:14 AM - edited 02-21-2020 07:59 AM
Hi everyone
I'm upgrading the firewall hardware. I saved the identity certificates from the old firewall and then I took a screenshot of the ASDM which has the identity certificate information.
I then realised that one of the certificates has more than one associated trustpoint in the screenshot. I can see one trustpoint, then a comma, and then I can't completely read the second associated trustpoint.
I no longer have access to the ASDM but I can get hold of the config file. I want to try to add the identity certificate via the ASDM as I'm more comfortable with it.
My question is, is there any way I can find out what the second associated trustpoint is from the config file? If I can, is it possible to just add the ID cert via ASDM by entering the certificate name as the two associated trustpoints separated by a comma?
Thanks
07-16-2018 06:49 AM
What are you using the certs for? Just for ASDM?
Also, exporting the cert is not enough; you will need to export the private and public RSA keys as well.
IMHO, you will be better off generating new keys and subsequent certs.
07-16-2018 07:22 AM
Hi Dennis
When you save the identity certificate from the old firewall, isn't the RSA key included?
The certificate will be used for remote access VPN.
Thanks
07-16-2018 01:45 PM
NO, saving a cert is not the same as saving a key; those are two distinctly different things.
However, try this:
https://www.fragmentationneeded.net/2015/04/exporting-rsa-keys-from-cisco-asa.html
The PKCS does include the private key.
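For the question in the opening post: the running-config lists each trustpoint's certificates in its own `crypto ca certificate chain <name>` block, so trustpoints holding the same identity certificate show the same serial, and each trustpoint's `keypair` line names the RSA key that has to move with it. The sketch below is an added example, not part of any post in this thread; the config text, trustpoint names, key names and serials are constructed, and it assumes the usual ASA running-config layout.

```python
import re
from collections import defaultdict

# Constructed sample config; names, serials and hex data are made up.
SAMPLE_CONFIG = """\
crypto ca trustpoint VPN_TP
 enrollment terminal
 keypair vpn-key
crypto ca trustpoint VPN_TP_BACKUP
 enrollment terminal
 keypair vpn-key
crypto ca trustpoint ASDM_TP
 keypair asdm-key
crypto ca certificate chain VPN_TP
 certificate 0a1b2c3d
    30820122 300d0609
  quit
 certificate ca 01
    30820333 300d0609
  quit
crypto ca certificate chain VPN_TP_BACKUP
 certificate 0a1b2c3d
    30820122 300d0609
  quit
crypto ca certificate chain ASDM_TP
 certificate 5e6f7081
    30820444 300d0609
  quit
"""

def trustpoints_by_identity_cert(config_text):
    """Map identity-certificate serial -> [(trustpoint, keypair name), ...]."""
    keypairs, groups = {}, defaultdict(list)
    section = name = None
    for line in config_text.splitlines():
        m = re.match(r"crypto ca (trustpoint|certificate chain) (\S+)", line)
        if m:
            section, name = m.groups()
        elif not line.startswith(" "):
            section = name = None  # any other top-level line ends the block
        elif section == "trustpoint" and (k := re.match(r"\s+keypair (\S+)", line)):
            keypairs[name] = k.group(1)
        elif section == "certificate chain" and (c := re.match(r"\s+certificate ([0-9a-fA-F]+)\s*$", line)):
            groups[c.group(1).lower()].append(name)  # "certificate ca <serial>" is skipped
    return {s: [(tp, keypairs.get(tp)) for tp in tps] for s, tps in groups.items()}

if __name__ == "__main__":
    for serial, tps in trustpoints_by_identity_cert(SAMPLE_CONFIG).items():
        print(serial, tps)
```

A serial that maps to more than one trustpoint is a certificate with several associated trustpoints.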