Certificate Trustpoint reference not able to change in ASA Firewall

Hi,

A certificate assigned to Trustpoint "ASDM_TrustPoint1" is expiring soon, so I have uploaded a new certificate by creating a new Trustpoint "ASDM_TrustPoint4". I have changed the SSL settings to use the new trustpoint, but I am unable to change one of the references.

The currently expiring certificate has the below config:

------------------------------------

crypto ca trustpoint ASDM_TrustPoint1
crypto ikev2 remote-access trustpoint ASDM_TrustPoint1
ssl trust-point ASDM_TrustPoint1 VPN-Inside
ssl trust-point ASDM_TrustPoint1 VPN-Internet
trustpoint sp ASDM_TrustPoint1

So, I have uploaded the new certificate with ASDM_TrustPoint4 and changed the below details:
ssl trust-point ASDM_TrustPoint4 VPN-Inside
ssl trust-point ASDM_TrustPoint4 VPN-Internet

I am unable to change this "trustpoint sp ASDM_TrustPoint1" to "trustpoint sp ASDM_TrustPoint4".

Can you please help me with how to change this via CLI or via ASDM? If we don't assign this to the new trustpoint, what will be the impact? The old trustpoint certificate will expire in 10 days.

I am getting the below error while changing it:
ASA(config)# trustpoint sp ASDM_TrustPoint4

^ ERROR: % Invalid input detected at '^' marker.

ASA(config)#

Current version: Cisco Adaptive Security Appliance Software Version 9.14(4)24


nspasov
Cisco Employee

The command trustpoint sp is for IdP/SAML configuration and it is probably located under your webvpn configuration. Can you check the following show commands:

show run webvpn and see if the configuration you are trying to change is there?

Thank you for rating helpful posts!
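
As an added example (not part of the original thread and not Cisco code): a Python script that walks a saved running-config and reports, for each remaining reference to the old trustpoint, the configuration modes it is nested under, which is the mode to enter before changing it. The sample config is constructed; the `saml idp` nesting, the entity ID and the function names are assumptions made for illustration.

```python
import re

# Constructed sample, not the poster's device config. The "saml idp" block
# layout and the entity ID are assumptions made for illustration.
SAMPLE_CONFIG = """\
crypto ca trustpoint ASDM_TrustPoint1
 enrollment terminal
crypto ca trustpoint ASDM_TrustPoint4
 enrollment terminal
crypto ikev2 remote-access trustpoint ASDM_TrustPoint1
ssl trust-point ASDM_TrustPoint4 VPN-Inside
ssl trust-point ASDM_TrustPoint4 VPN-Internet
webvpn
 enable VPN-Internet
 saml idp https://idp.example.invalid/entity
  url sign-in https://idp.example.invalid/sso
  trustpoint idp IdP_TrustPoint
  trustpoint sp ASDM_TrustPoint1
"""

def find_trustpoint_refs(config_text, name):
    """Return (parent_modes, command) for every config line that uses `name`."""
    # Match the name only as a whole whitespace-delimited token.
    word = re.compile(r"(?<!\S)" + re.escape(name) + r"(?!\S)")
    stack = []  # (indent, command) of the enclosing configuration modes
    refs = []
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        indent = len(raw) - len(raw.lstrip(" "))
        command = raw.strip()
        # Leave every mode that is not a parent of this line.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if word.search(command):
            refs.append((tuple(c for _, c in stack), command))
        stack.append((indent, command))
    return refs

def unmigrated(config_text, old_name):
    """References to old_name, excluding the trustpoint's own definition."""
    definition = "crypto ca trustpoint " + old_name
    return [r for r in find_trustpoint_refs(config_text, old_name) if r[1] != definition]

if __name__ == "__main__":
    for parents, command in unmigrated(SAMPLE_CONFIG, "ASDM_TrustPoint1"):
        print(" > ".join(parents) or "(global config)", "::", command)
```

Run against the output of `show running-config` saved to a file, an empty result for the old trustpoint name means nothing still depends on the expiring certificate.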