11-29-2014 04:23 AM - edited 03-11-2019 10:09 PM
Hello Dear Group
I have an ASA5525. I need to renew the license that has been registered for AnyConnect VPN clients, but I forgot the private key that I used for license registration. Is there any solution for retrieving the private key, since this key must be saved somewhere in the firewall?
Thank You
AliYashar
11-29-2014 08:14 AM
I'm not understanding what you mean by "renew the license". The most commonly used AnyConnect Essentials and AnyConnect Premium licenses are not time-based and never need to be renewed.
If you have time-based licenses ("VPN Flex") they are re-purchased when expired (if necessary) and require you to request a new activation-key once you get the Product Authorization Key (PAK) from Cisco as part of your purchase. The PAK is combined with your product serial number in the Cisco licensing portal to get a new license (delivered in the form of an activation-key) in that case.
11-29-2014 09:25 AM
Thank you for replying,
I mean the SSL License private key (the one I entered when I created the CSR).
Sorry if I didn't mention it in my question :)
11-29-2014 09:50 AM
The private key is not a license. It's an element of the ASA configuration used for certificates.
If you need to renew your certificate (for SSL VPN or other purpose), you create a new Certificate Signing Request (CSR) and install the certificate you receive from the Certificate Authority (CA) following this procedure.
The private key (which is used to sign the CSR) is viewable via the "show crypto key mypubkey rsa" command, although that's not needed when renewing an SSL certificate.
You cannot back up or export the private key by itself, but you can export the keypair (private key and associated identity certificate) in PKCS12 format using the "crypto ca export" command (or the backup menu choice in ASDM, selecting identity certificates).
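The renewal sequence described in the answer above, as an added example that is not part of the original post or of Cisco's documentation. It assumes a new key pair is generated for the renewal; the trustpoint name, key label, FQDN, subject name, interface name and passphrase are placeholders.

```cisco
! Added example. VPN-KEY-2, VPN-TP-2, vpn.example.com, "outside" and
! <passphrase> are placeholders, not values from this thread.
! Steps 1-6 are entered in global configuration mode.
!
! 1. Generate a fresh key pair for the renewal. The forgotten key material
!    from the previous enrollment is not required for this.
crypto key generate rsa label VPN-KEY-2 modulus 2048
!
! 2. Define a new trustpoint bound to that key pair, using manual
!    (copy/paste) enrollment.
crypto ca trustpoint VPN-TP-2
 enrollment terminal
 fqdn vpn.example.com
 subject-name CN=vpn.example.com,O=Example Org,C=US
 keypair VPN-KEY-2
 exit
!
! 3. Produce the CSR. It is printed to the terminal in PEM form;
!    submit that text to the Certificate Authority.
crypto ca enroll VPN-TP-2
!
! 4. When the CA responds, paste in the CA certificate first,
!    then the issued identity certificate.
crypto ca authenticate VPN-TP-2
crypto ca import VPN-TP-2 certificate
!
! 5. Bind the renewed certificate to the interface that terminates
!    the SSL VPN sessions.
ssl trust-point VPN-TP-2 outside
!
! 6. Export the key pair and identity certificate together as a
!    passphrase-protected PKCS12 bundle. The output contains the private
!    key, so store it offline with restricted access.
crypto ca export VPN-TP-2 pkcs12 <passphrase>
!
! Verification (privileged EXEC): confirm the new validity dates and
! that the certificate is associated with the expected trustpoint.
show crypto ca certificates VPN-TP-2
```

Keeping the old trustpoint in place until the new certificate is verified lets you switch back with a single `ssl trust-point` change.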
11-29-2014 10:05 AM
Yes, you are right.
I created a new CSR and I can re-install the new CA after reissuing.
Thank You