Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
759
Views
0
Helpful
1
Replies

CA Change

HELMUT DACHS
Level 1
Level 1

‎05-29-2012 02:23 AM - edited ‎03-10-2019 07:08 PM

Hi,

got a new challange - we like to change the CA for our routers - using this routers for s2s ipsec tunnels, in the paste we did this by changing to preshare key authentication - but this is a lot of chonfiguration changes - did someone know a better way of changing the CA certificates of all devices with a minimum of downtime of the tunnel - like having 2 trustpoint ceritificates, that clients can use both CAs during the change to the new CA certificates.

Thanks in advance for any help

Helmut

Labels:
0 Helpful
1 Reply 1

Herbert Baerten
Cisco Employee
Cisco Employee

‎06-04-2012 06:24 AM

Hi helmut

Indeed it should be no problem to just configure a second trust point on each device, authenticate it, enroll it. When all are done, switch to the new cert. downtime should be zero.

Hth

Herbert

Ps to get better response, please post your VPN related questions in the VPN forum!

Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents