09-11-2017 11:14 AM - edited 02-21-2020 06:17 AM
I added a new identity certificate to my ASA 5505. I am currently seeing both the old and the new ones listed, with different trustpoint names. If I try to delete the old certificate - either through the ASDM under identity certificates, or with the command "no crypto ca trustpoint ASDM_TrustPoint2" I get the following error: "ERROR: The trustpoint appears to be in use. Unable to remove this trustpoint"
How can I find what's using this and change it to the new one/release the old one? I saw a suggestion elsewhere to use "show tls-proxy session", but it says 0 in use.
09-11-2017 07:59 PM
Hello,
Try these commands:
clear configure crypto ca certificate "certname"
clear crypto ca crls
09-11-2017 11:43 PM
Do a "show run | inc ASDM_TrustPoint2". With that, you will see where the trust-point is applied.
09-13-2017 03:09 PM
*facepalm* Of course - thank you. I barely spend any time in here, so I usually just go into the ASDM for stuff because it's faster than trying to remind myself how all the commands work. But this I really should've remembered. :-/
Anyway, it was still on the AnyConnect client connections. Still couldn't figure out how to get to that particular assignment from the ASDM, but was able to re-assign to the new one through CLI. Thanks!
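The lookup suggested in the thread ("show run | inc ASDM_TrustPoint2"), as an added example that is not part of any post above: it runs offline over a saved running-config, matches the trustpoint name as a whole word, skips the trustpoint's own definition blocks, and reports the parent section of each reference. The config excerpt is constructed for illustration and the function name `find_trustpoint_references` is hypothetical.

```python
import re

# Constructed ASA running-config excerpt (sample input, not from the thread).
SAMPLE_CONFIG = """\
crypto ca trustpoint ASDM_TrustPoint2
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint3
 enrollment terminal
crypto ca certificate chain ASDM_TrustPoint2
 certificate 0123456789abcdef
  quit
crypto ikev2 remote-access trustpoint ASDM_TrustPoint2
tunnel-group EXAMPLE-L2L ipsec-attributes
 ikev1 trust-point ASDM_TrustPoint2
ssl trust-point ASDM_TrustPoint2 outside
ssl trust-point ASDM_TrustPoint3 inside
ssl trust-point ASDM_TrustPoint20 dmz
"""


def find_trustpoint_references(config, name):
    """Return (line_number, parent_section, line) for each use of a trustpoint."""
    # Whole-token match, so ASDM_TrustPoint2 does not also hit ASDM_TrustPoint20.
    token = re.compile(r"(?<!\S)" + re.escape(name) + r"(?!\S)")
    # These two blocks define the trustpoint itself; they are not references.
    definitions = ("crypto ca trustpoint " + name,
                   "crypto ca certificate chain " + name)
    refs, parent, in_definition = [], None, False
    for number, raw in enumerate(config.splitlines(), start=1):
        line = raw.rstrip()
        if not line.strip():
            continue
        top_level = not line.startswith(" ")
        if top_level:
            parent = line
            in_definition = line in definitions
        if in_definition:
            continue
        if token.search(line):
            # Indented lines are reported with the section they belong to.
            refs.append((number, None if top_level else parent, line.strip()))
    return refs


if __name__ == "__main__":
    for number, parent, line in find_trustpoint_references(SAMPLE_CONFIG, "ASDM_TrustPoint2"):
        print(f"line {number}: {line}" + (f"   [in: {parent}]" if parent else ""))
```

Each reported line has to be re-pointed to the new trustpoint before "no crypto ca trustpoint" will succeed on the old one.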