Identity certificate has expired. Need some advice

Hi All

I'm in the middle of upgrading a firewall to a newer 5525X. I transferred the config over, but I then realised that the identity certificate expired in 2016. The CA certificate expires in 2021.

My question is: do I have to get a new identity certificate, and is the identity certificate linked to the CA certificate? Would I also have to get a new CA certificate, or can I just get a new identity certificate and everything else is all good?

What would be the best process of going about this?

Thanks
Re: Identity certificate has expired. Need some advice

Hello @faghouri83

You can generate the CSR on the ASA, but that depends on where you are going to ask for the certificate. For example, if you own the CA, it will probably be the same CA certificate and you just upload the identity one, but if you are doing it through a third party (GoDaddy, Comodo, Geotrust, Verisign, etc.) you hand the CSR to them and they will give you the certificate chain; it can be the same CA or a new one.

HTH

Gio

Re: Identity certificate has expired. Need some advice

Hi

Thanks for your reply.

I have just checked the identity certificate and it looks as though it's a certificate from Verisign. What would I need to do on the firewall so I can get a new certificate from them?

Thanks

Re: Identity certificate has expired. Need some advice

Hello @faghouri83

You need to create the CSR on the ASA in order to send the information to Verisign (now Symantec). You can follow this link, until step 13.

Step 14 will be the process on Symantec in order to deliver the CSR and sign the certificate; for that you can follow this link.

After you get the certificate, you can go to the first link and go to the part where it says "Step 4. Install the Certificate". Once you install it, verify the certificate is OK and change the configuration on SSL settings to put it on the interface the connections are going to land on. Everything should be covered here :)

HTH

Gio
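
The ASA side of the renewal discussed in this thread (generate the CSR, install the returned certificates, bind the result to the interface), as an added example that is not part of the original posts or of the linked guides. The key label, trustpoint name, FQDN, subject fields and interface name are constructed placeholders; run the commands from global configuration mode.

```cisco
! Constructed placeholder names (not from the thread):
!   RENEW-KEY        RSA key pair label
!   RENEW-TP         trustpoint holding the renewed certificate
!   vpn.example.com  FQDN clients connect to
!   outside          interface where the connections land

! 1. Generate a fresh key pair rather than reusing the one tied to the
!    expired identity certificate.
crypto key generate rsa label RENEW-KEY modulus 2048

! 2. Create a new trustpoint for manual (copy/paste) enrollment.
!    Using a new trustpoint leaves the old one untouched until cut-over.
crypto ca trustpoint RENEW-TP
 enrollment terminal
 fqdn vpn.example.com
 subject-name CN=vpn.example.com,O=Example Corp,C=US
 keypair RENEW-KEY
 exit

! 3. Generate the CSR. The ASA prints a base64 PKCS#10 request on the
!    terminal; that text is what is submitted to the third-party CA.
crypto ca enroll RENEW-TP

! 4. Install the CA certificate returned with the certificate chain.
!    Paste the base64 text and finish with the word "quit" on its own line.
!    The CA may be the same one as before or a new one, so install
!    whatever the issuer actually returns.
crypto ca authenticate RENEW-TP

! 5. Install the signed identity certificate into the same trustpoint.
crypto ca import RENEW-TP certificate

! 6. Verify: check the validity dates and that both the CA certificate
!    and the identity certificate are listed under RENEW-TP.
show crypto ca certificates RENEW-TP

! 7. Bind the renewed certificate to the interface serving SSL.
ssl trust-point RENEW-TP outside
```

The identity certificate only validates against the CA certificate that signed it, so step 6 is where a mismatch between the two, or an expiry date already in the past, shows up before any clients are affected.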