Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
448
Views
0
Helpful
1
Replies

ASDM ssl key size for http server

mhall
Level 1
Level 1

‎01-20-2015 10:37 AM - last edited on ‎03-25-2019 05:54 PM by Community Manager

All,

 

question - my understanding was that the ASDM/GUI uses the general public key to generate it's ssl cert - e.g.

when browsing to the ASA for https:// ASDM access -

 

customer would like to change the ssl cert from 1024 bits 2048.

 

any ideas how I do that?

 

I changed the default public key to 2048 - e.g.

"crypto key generate rsa general-keys modulus 2048"

then disabled and re-enabled ASDM via

"no http server enable " and "http server enable"

when I access the asdm webpage still seeing a 1024 bit cert for it...

 

Thanks,

 

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-20-2015 10:57 AM

Assuming you're using a self-signed identity certificate here, you need to add a new identity certificate and specify that it uses the new 2048-bit key.

Something like this:

   crypto key generate rsa label 2048-bit-rsakey modulus 2048 noconfirm

      crypto ca trustpoint ASDM_TrustPoint2
        revocation-check none
        keypair 2048-bit-rsakey
        id-usage ssl-ipsec 
        no fqdn
        subject-name CN=<your ASA common name>
        enrollment self
      crypto ca enroll ASDM_TrustPoint2 noconfirm

You can then delete the old identity certificate.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card