Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2520
Views
0
Helpful
3
Replies

Change expiration date in asa identity certificate

Go to solution
Luis_Regalado
Level 1
Level 1

‎12-03-2019 08:18 AM

hello to everything, I have a query, I would like to know if there is a way to change the expiration date of identity certificates on a 5585-x handle since at the time of generating it it generates it for 10 years and I need it only for 1.

Thank you very much for your help and annex img.ic.png

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee
In response to Luis_Regalado

‎12-04-2019 07:45 AM

 Luis_Regalado,

 

If you already have a 3rd party CA you can use the following guide:

 

https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html

 

Normally you have 2 options:

 

1- Generate the CSR on the identity cert tab and get this signed by Digicert so you can install it on the ASA.

2- Request a pkcs12 and install the full chain on the identity certificate tab.

 

Hope this info helps!!

 

Rate if helps you!! 

 

-JP- 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee

‎12-03-2019 09:26 AM

Hi  Luis_Regalado,

 

Considering that looks like a selfsigned cert, this expiry date come by default and can't really be modified.

The fact this is valid for 10 years will not make any difference since if after a year you want to remove this one and create a new one to refresh it you can do it without any problem.

 

Hope this info helps!!

 

Rate if helps you!! 

 

-JP- 

0 Helpful

Go to solution
Luis_Regalado
Level 1
Level 1
In response to JP Miranda Z

‎12-03-2019 09:52 AM

Hello JP Miranda Z and thank you very much for your response, I understand that by default the handle generates said certificate for 10 years now I have a query, I already have a certificate generated by my certifying house (DigiCert) that I have previously added in the section of  CA certificates be used in the identity certificates section? And if so, could you tell me how?

Thanking you very much for your help I hope your feedback

2.png

 

1.jpg

 

 

 

0 Helpful

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee
In response to Luis_Regalado

‎12-04-2019 07:45 AM

 Luis_Regalado,

 

If you already have a 3rd party CA you can use the following guide:

 

https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html

 

Normally you have 2 options:

 

1- Generate the CSR on the identity cert tab and get this signed by Digicert so you can install it on the ASA.

2- Request a pkcs12 and install the full chain on the identity certificate tab.

 

Hope this info helps!!

 

Rate if helps you!! 

 

-JP- 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card