cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


4330
Views
0
Helpful
3
Replies
Highlighted
Collaborator

Backup & Restore keys

How do you backup & restore the crypto keys on an ASA ?

GTG

Please rate all helpful posts.
Everyone's tags (5)
3 REPLIES 3
Contributor

Backup & Restore keys

Collaborator

Backup & Restore keys

asa1# sh crypto key mypubkey rsa

Key name: blah

Usage: General Purpose Key

Modulus Size (bits): 2048

Key Data:

.....

asa1#conf t

asa1(config)# crypto ca export blah identity-certificate

ERROR: The trustpoint does not exist

:-(

Please rate all helpful posts.
Contributor

Backup & Restore keys

Hello,

I apologize for the confusion, I thought your keys were associated with a trustpoint already.  On the ASA, you will not be able to keys directly.  You will need to put your rsa key into a trustpoint first.  You can then export the certificates + key in a pkcs12 and then extract the key from it using something like openssl.

For example, I have created a key on my ASA called testkey and have exported it below:

GENERTATING KEY...

asa(config)#  crypto key generate rsa label testkey mod 1024

MAKING DUMMY TRUSTPOINT...

asa(config)#  crypto ca trust dummy

asa(config-ca-trustpoint)# keypair testkey

EXPORTING KEY...

asa(config)# crypto ca export dummy pkcs12 cisco123

WARNING: Temporary self-signed certificate is being generated to export the keypair since an associated ID certificate is not available.

Hope this helps.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here