Certificate for ASDM access to ASA

Hi all

Who knows where the certificate on the ASA can be edited/deleted/renewed which is responsible for the access via ASDM? With "show crypto key mypubkey rsa" I get all certificates, but none matches the modulus I can see when I access the ASA with a web browser at https://asa-name

Thank you

Markus

4 Replies

Julio Carvajal
VIP Alumni

Hello Markus,

This is a Self-Signed Certificate that is created every single time the ASA reboots.

You can make it permanent, though.

It's show crypto ca trustpoints to see the ones available, and then you can modify as needed.

You can configure it manually and also enable it on the right interface with the command ssl trust-point "name" name_if

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

johnlloyd_13
Level 9

Hi,

In ASDM, go to Configuration > Device Management > Certificate Management.


Thanks guys for your quick reply.

The point is that when I check the certificates with "show crypto ca certificates", none of these certificates has the serial number which I can see when I connect with the browser. So I still was not able to find the certificate with this serial number on the ASA.

I also have three trustpoints configured for the ASDM: ASDM_TrustPoint0, hostname-Trustpoint and ASDM_TrustPoint. For the ASDM_Trustpoint, I generated a new self-signed certificate, so this is also what I can see. But the connection with the browser doesn't show me this certificate from the trustpoint ASDM_TrustPoint.

So which Trustpoint now is responsible to provide the certificate for the browser session? Of course I can delete them?

Thanks

Markus

Hey, you still need to set the one you plan to use

ssl trust-point name outside

Cheers,

Julio Carvajal Segura
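
The check this thread works through, as an added example (not code from any poster or from Cisco): it compares the serial number shown in the browser with the serials listed by "show crypto ca certificates" and with the "ssl trust-point" binding for the interface. The sample outputs, serial values and function names are constructed for illustration, and the "temporary self-signed certificate" verdict relies on the behaviour described in the first reply.

```python
import re

# Constructed, abbreviated `show crypto ca certificates` output (not from the thread).
SHOW_CERTS = """\
Certificate
  Certificate Serial Number: 4f1a2b3c
  Associated Trustpoints: ASDM_TrustPoint0
Certificate
  Certificate Serial Number: 00a1b2c3d4
  Associated Trustpoints: ASDM_TrustPoint
"""
# Constructed `show running-config ssl` output: only the inside interface is bound.
SHOW_SSL = "ssl trust-point ASDM_TrustPoint0 inside\n"

def norm(serial):
    """Bare lowercase hex without leading zeros: a browser shows 00:A1:B2, the ASA a1b2."""
    return re.sub(r"[^0-9a-f]", "", serial.lower()).lstrip("0") or "0"

def serials_by_trustpoint(show_certs):
    """Map each trustpoint name to the normalized serial of its certificate."""
    out, serial = {}, None
    for line in show_certs.splitlines():
        key, _, value = line.strip().partition(":")
        if key == "Certificate Serial Number":
            serial = norm(value)
        elif key == "Associated Trustpoints" and serial:
            out.update({tp: serial for tp in value.split()})
            serial = None
    return out

def bound_trustpoints(show_ssl):
    """Map interface -> trustpoint from `ssl trust-point <name> <interface>` lines."""
    pairs = re.findall(r"^ssl trust-point (\S+) (\S+)$", show_ssl, re.M)
    return {iface: name for name, iface in pairs}

def diagnose(browser_serial, interface, show_certs=SHOW_CERTS, show_ssl=SHOW_SSL):
    """Say which trustpoint, if any, explains the certificate the browser received."""
    wanted = norm(browser_serial)
    matches = [tp for tp, s in serials_by_trustpoint(show_certs).items() if s == wanted]
    bound = bound_trustpoints(show_ssl).get(interface)
    if matches:
        return f"served from trustpoint {matches[0]}"
    if bound is None:
        return f"no trustpoint bound to {interface}: temporary self-signed certificate"
    return f"{bound} is bound to {interface} but has a different serial"

if __name__ == "__main__":
    print(diagnose("7B:22:C4:19", "outside"))  # constructed browser serial
    print(diagnose("4F:1A:2B:3C", "inside"))
```

A serial that matches no trustpoint on an interface with no binding is the case the original question describes; binding a trustpoint to that interface makes the browser serial match one of the listed certificates.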