Can't remove certificate from ASA

cawst
Level 1

I added a new identity certificate to my ASA 5505.  I am currently seeing both the old and the new ones listed, with different trustpoint names.  If I try to delete the old certificate - either through the ASDM under identity certificates, or with the command "no crypto ca trustpoint ASDM_TrustPoint2"  I get the following error:  "ERROR: The trustpoint appears to be in use. Unable to remove this trustpoint"

 

How can I find what's using this and change it to the new one/release the old one?  I saw a suggestion elsewhere to use "show tls-proxy session", but it says 0 in use.

1 Accepted Solution

Do a "show run | inc ASDM_TrustPoint2". With that, you will see where the trust-point is applied.


3 Replies

Hello,

 

Try these commands:

clear configure crypto ca certificate "certname"

clear crypto ca crls

Do a "show run | inc ASDM_TrustPoint2". With that, you will see where the trust-point is applied.

*facepalm*  Of course - thank you.  I barely spend any time in here, so I usually just go into the ASDM for stuff because it's faster than trying to remind myself how all the commands work.  But this I really should've remembered.  :-/

 

Anyway, it was still on the AnyConnect client connections.  Still couldn't figure out how to get to that particular assignment from the ASDM, but was able to re-assign to the new one through CLI.  Thanks!
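
Added example, not part of the original thread: "show run | inc ASDM_TrustPoint2" prints matching lines without the stanza they sit in, so a reference inside a tunnel-group shows up with no parent. The Python sketch below runs the same search over a saved running-config and reports each reference with its parent stanza, skipping the trustpoint's own definition. The sample config is constructed and the function name is hypothetical.

```python
import re

# Constructed sample of a saved ASA running-config (not from the thread).
SAMPLE_CONFIG = """\
crypto ca trustpoint ASDM_TrustPoint2
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint3
 enrollment terminal
crypto ca certificate chain ASDM_TrustPoint2
 certificate 0a1b2c
  quit
crypto ikev2 remote-access trustpoint ASDM_TrustPoint2
ssl trust-point ASDM_TrustPoint2 outside
ssl trust-point ASDM_TrustPoint3 inside
tunnel-group DefaultWEBVPNGroup ipsec-attributes
 ikev2 local-authentication certificate ASDM_TrustPoint2
"""

# Stanzas that define the trustpoint itself rather than use it.
DEFINITION = re.compile(r"^crypto ca (trustpoint|certificate chain) ")


def trustpoint_references(config_text, name):
    """Return (parent_stanza, line) for every line that uses `name`.

    parent_stanza is None for top-level commands, otherwise the unindented
    line that opened the block, which `show run | inc` does not print.
    """
    # Whole-token match so ASDM_TrustPoint2 does not hit ASDM_TrustPoint20.
    token = re.compile(r"(?<!\S)" + re.escape(name) + r"(?!\S)")
    parent, refs = None, []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        top_level = not line[0].isspace()
        if top_level:
            parent = line
        if token.search(line) and not (top_level and DEFINITION.match(line)):
            refs.append((None if top_level else parent, line.strip()))
    return refs


if __name__ == "__main__":
    for parent, line in trustpoint_references(SAMPLE_CONFIG, "ASDM_TrustPoint2"):
        print(f"{parent or '(global)'}: {line}")
```

Every reference it lists has to be re-pointed to the new trustpoint before "no crypto ca trustpoint ASDM_TrustPoint2" will succeed.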
