ASDM ssl key size for http server
01-20-2015 10:37 AM - last edited on 03-25-2019 05:54 PM by ciscomoderator
All,
Question - my understanding was that the ASDM/GUI uses the general public key to generate its SSL cert - e.g.
when browsing to the ASA for https:// ASDM access -
customer would like to change the SSL cert from 1024 bits to 2048.
Any ideas how I do that?
I changed the default public key to 2048 - e.g.
"crypto key generate rsa general-keys modulus 2048"
then disabled and re-enabled ASDM via
"no http server enable" and "http server enable"
When I access the ASDM webpage I am still seeing a 1024 bit cert for it...
Thanks,
Labels: NGFW Firewalls
01-20-2015 10:57 AM
Assuming you're using a self-signed identity certificate here, you need to add a new identity certificate and specify that it uses the new 2048-bit key.
Something like this:
crypto key generate rsa label 2048-bit-rsakey modulus 2048 noconfirm
crypto ca trustpoint ASDM_TrustPoint2
 revocation-check none
 keypair 2048-bit-rsakey
 id-usage ssl-ipsec
 no fqdn
 subject-name CN=<your ASA common name>
 enrollment self
crypto ca enroll ASDM_TrustPoint2 noconfirm
You can then delete the old identity certificate.
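A way to confirm which key size the HTTPS listener actually presents after the change, as an added example that is not part of the original thread: it reads the RSA modulus length straight out of the certificate's DER encoding using only the Python standard library. The names `rsa_modulus_bits`, `served_key_bits` and `sample_cert` are hypothetical, and `sample_cert` builds a constructed, unsigned certificate skeleton so the parser can be exercised offline.

```python
import ssl

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption (1.2.840.113549.1.1.1)

def _items(buf, start, end):
    """Yield (tag, value_start, value_end) for each DER element in buf[start:end]."""
    while start < end:
        tag, n, vs = buf[start], buf[start + 1], start + 2
        if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
            k = n & 0x7F
            n, vs = int.from_bytes(buf[vs:vs + k], "big"), vs + k
        yield tag, vs, vs + n
        start = vs + n

def rsa_modulus_bits(der):
    """Return the RSA modulus size in bits of a DER-encoded X.509 certificate."""
    cert = next(_items(der, 0, len(der)))
    tbs = next(_items(der, cert[1], cert[2]))
    # tbsCertificate without the optional [0] version: serial, sigAlg, issuer,
    # validity, subject, subjectPublicKeyInfo
    fields = [f for f in _items(der, tbs[1], tbs[2]) if f[0] != 0xA0]
    alg, bitstr = _items(der, fields[5][1], fields[5][2])
    oid = next(_items(der, alg[1], alg[2]))
    if der[oid[1]:oid[2]] != RSA_OID:
        raise ValueError("certificate key is not RSA")
    key = next(_items(der, bitstr[1] + 1, bitstr[2]))  # +1 skips the unused-bits byte
    modulus = next(_items(der, key[1], key[2]))
    return int.from_bytes(der[modulus[1]:modulus[2]], "big").bit_length()

def served_key_bits(host, port=443):
    """Fetch the certificate an HTTPS listener presents (no chain validation)."""
    pem = ssl.get_server_certificate((host, port))
    return rsa_modulus_bits(ssl.PEM_cert_to_DER_cert(pem))

def _der(tag, body):
    """DER-encode one element; used only to build the constructed sample below."""
    raw = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    head = raw if len(body) < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def sample_cert(bits):
    """Constructed, unsigned certificate skeleton carrying a `bits`-bit RSA modulus."""
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    key = _der(0x30, _der(0x02, modulus) + _der(0x02, b"\x01\x00\x01"))
    spki = _der(0x30, _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b"")) + _der(0x03, b"\x00" + key))
    empty = _der(0x30, b"")  # stands in for sigAlg, issuer, validity, subject
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + empty * 4 + spki)
    return _der(0x30, tbs + empty + _der(0x03, b"\x00"))
```

Calling `served_key_bits` with the ASA's management address before and after enrolling the new trustpoint shows whether the listener has switched from the 1024-bit certificate to the 2048-bit one.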
