06-26-2011 02:33 PM - edited 03-11-2019 01:50 PM
How do you back up & restore the crypto keys on an ASA?
GTG
06-26-2011 03:48 PM
Hello,
You can use the "crypto ca export/import" commands to export and restore crypto keys.
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c5.html#wp2224326
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c5.html#wp2224488
Hope this helps.
06-26-2011 09:57 PM
asa1# sh crypto key mypubkey rsa
Key name: blah
Usage: General Purpose Key
Modulus Size (bits): 2048
Key Data:
.....
asa1#conf t
asa1(config)# crypto ca export blah identity-certificate
ERROR: The trustpoint does not exist
:-(
06-27-2011 10:37 AM
Hello,
I apologize for the confusion; I thought your keys were associated with a trustpoint already. On the ASA, you will not be able to export keys directly. You will need to put your RSA key into a trustpoint first. You can then export the certificates + key in a pkcs12 and then extract the key from it using something like openssl.
For example, I have created a key on my ASA called testkey and have exported it below:
GENERATING KEY...
asa(config)# crypto key generate rsa label testkey mod 1024
MAKING DUMMY TRUSTPOINT...
asa(config)# crypto ca trust dummy
asa(config-ca-trustpoint)# keypair testkey
EXPORTING KEY...
asa(config)# crypto ca export dummy pkcs12 cisco123
WARNING: Temporary self-signed certificate is being generated to export the keypair since an associated ID certificate is not available.
Hope this helps.
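The openssl step mentioned in the reply above, as an added example that is not part of the original thread: the ASA prints the PKCS#12 as base64 text between BEGIN/END PKCS12 markers, so it has to be decoded before openssl can read it. The helper names `asa_p12_to_key` and `make_sample_export` and all file names are hypothetical, and the export text is a constructed stand-in built locally with openssl rather than real ASA output.

```shell
#!/bin/sh
# Added example (not from the thread): pull the RSA private key out of the
# base64 PKCS#12 text that "crypto ca export <trustpoint> pkcs12 <pass>" prints.
set -e
umask 077    # every file created below holds key material: owner-only

# asa_p12_to_key EXPORT_TXT PASSPHRASE OUT_KEY   (hypothetical helper name)
asa_p12_to_key() {
    P12_PASS=$2; export P12_PASS   # passed via env:, so it never appears in argv
    tmp=$(mktemp -d) || return 1
    rc=0
    {   # keep only the base64 body between the markers, decode to DER
        sed -n '/-----BEGIN PKCS12-----/,/-----END PKCS12-----/p' "$1" |
            grep -v -- '-----' | openssl base64 -d -out "$tmp/b.p12" &&
        # private key only, written unencrypted (-nodes)
        openssl pkcs12 -in "$tmp/b.p12" -nocerts -nodes \
            -passin env:P12_PASS -out "$3" &&
        openssl pkcs12 -in "$tmp/b.p12" -nokeys -clcerts \
            -passin env:P12_PASS -out "$tmp/c.pem" &&
        # sanity check: the extracted key must match the bundled certificate
        k=$(openssl rsa -in "$3" -noout -modulus) &&
        c=$(openssl x509 -in "$tmp/c.pem" -noout -modulus) &&
        [ -n "$k" ] && [ "$k" = "$c" ]
    } || rc=1
    rm -rf "$tmp"; unset P12_PASS
    return $rc
}

# Constructed stand-in for text pasted from the ASA terminal session.
make_sample_export() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=dummy" -days 1 \
        -keyout "$1/orig.key" -out "$1/orig.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/orig.key" -in "$1/orig.crt" \
        -passout pass:cisco123 -out "$1/orig.p12"
    { echo "asa(config)# crypto ca export dummy pkcs12 cisco123"
      echo "-----BEGIN PKCS12-----"
      openssl base64 -in "$1/orig.p12"
      echo "-----END PKCS12-----"; } > "$1/export.txt"
}

work=$(mktemp -d)
make_sample_export "$work"
asa_p12_to_key "$work/export.txt" cisco123 "$work/testkey.pem" &&
    echo "key recovered and matches the exported certificate"
rm -rf "$work"
```

The recovered key is written unencrypted, so store it with the same care as the passphrase-protected export or re-encrypt it before archiving.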