
Cisco ASA 5525 Self-Signed Cert Expiry

Andrew M12
Level 1

When generating self-signed certs they default to 10yrs lifetime, is there a way to amend this on self-signed certs at all?

 

I know I can do a CSR and get that signed via a CA, but I'm wanting to know if it's possible with a self-signed cert or not please. I've been searching online for ages and am unable to find any info.

 

thanks in advance


bern81
Level 1

Hi Andrew,

 

By amending, do you mean increasing the lifetime of the cert?

I don't think you can, because once a certificate is generated you cannot modify it at all (you need to create a brand new one if you want additional attributes).

Actually, you don't need to create a self-signed certificate. Let's say for ASDM access, the ASA generates a temporary self-signed one for you.

 

Hope this helps.

 

Please rate

 

Thanks for the reply Bern

 

Basically the ASA has a VPN using a trustpoint with a self-signed cert, 10yrs expiry.

A machine on the end of it creates the VPN, the ASA presents its ss-cert (of which the connecting machine has a copy in its Trusted CA list), it is happy, and connects.

 

An external scan company here is applying the rules of Ballot 187/193, which is that Subscriber certs issued by CAs must be less than 825 days, against this self-signed cert, which isn't a Subscriber cert from a CA and expires in more than 825 days.

 

Instead of arguing with them on it, it's easier for me to just regenerate the certs and amend the lifetime, so I was wondering if there was a way on the ASA to do this, but it looked to me like you can only choose CN, RSA keys/encryption and then it always generates it with a 10yr expiry.

 

So yeah, that. If not possible then I'm prepared to go the Trusted CA root, or run up a Microsoft CA/OpenSSL scenario to sign a CSR and choose the lifetime. 

 

Thanks to anyone reading. If anyone knows whether you can amend the lifetime of a ss-cert when generating it on the ASA, please do let me know.

 

kind rgds

 

Andrew
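
The fallback mentioned in the post above (an OpenSSL private CA signing a CSR with a chosen lifetime), as an added example that is not part of the original thread. The subjects, file names and the locally generated CSR (standing in for one produced by the ASA) are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example. Names, subjects and file paths are constructed placeholders.
MAX_DAYS=825   # limit the scanner in the thread applies

# Create a throwaway private CA (10-year lifetime, like the ASA default).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=lab-private-ca" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Stand-in for the CSR the ASA would produce; generated locally here.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=asa-vpn.example.test" \
        -keyout "$1/dev.key" -out "$1/dev.csr" 2>/dev/null
}

# Sign the CSR with the CA, choosing the lifetime in days ($2).
sign_csr() {
    openssl x509 -req -sha256 -days "$2" \
        -in "$1/dev.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -out "$1/dev.pem" 2>/dev/null
}

# Succeeds when the certificate's notAfter is fewer than MAX_DAYS away.
# For a certificate issued just now, that equals its validity period.
within_limit() {
    [ -r "$1" ] || return 2
    ! openssl x509 -in "$1" -noout -checkend $((MAX_DAYS * 86400)) >/dev/null
}

demo() {
    local d; d=$(mktemp -d)
    make_ca "$d" && make_csr "$d" && sign_csr "$d" 820 || return 1
    openssl x509 -in "$d/dev.pem" -noout -subject -dates
    within_limit "$d/dev.pem" && echo "dev.pem: within $MAX_DAYS days"
    within_limit "$d/ca.pem"  || echo "ca.pem: exceeds $MAX_DAYS days"
    rm -rf "$d"
}
demo
```

The connecting machine would then need `ca.pem` in its trusted CA list in place of the old self-signed cert.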
