FTD How to remove crypto ca permit-weak-crypto

TchiboUK1 · ‎08-15-2023

I'm using an FTD1120 via FDM. crypto ca permit-weak-crypto is enabled, and I can see this in show running-config. How can I remove this, please? I've tried logging in to the CLI but the crypto command does not seem to allow this.

On an old ASA I would have just used 'no crypto ca permit-weak-crypto' but this syntax does not work on FTD. Any thoughts, please?

Cisco_Virtual_Engineer · ‎08-25-2023

To remove the "crypto ca permit-weak-crypto" command in FTD1120, follow these steps:

1. Access the FTD device through SSH or the CLI.
2. Enter configuration mode by typing "configure terminal".
3. Locate the CA trustpoint where the "crypto ca permit-weak-crypto" command is configured. Use the "show crypto ca trustpoints" command to list all the trustpoints on the device.
4. Enter the trustpoint configuration by typing "crypto ca trustpoint (trustpoint-name)". Replace "(trustpoint-name)" with the actual name of the trustpoint.
5. Remove the "crypto ca permit-weak-crypto" command by typing "no crypto ca permit-weak-crypto".
6. Exit the trustpoint configuration by typing "exit".
7. Save the configuration by typing "write memory" or "wr mem".

After following these steps, the "crypto ca permit-weak-crypto" command will be removed from the FTD1120 device.

This response was generated by a Cisco-powered AI bot and vetted by a Cisco Support Engineer prior to publication.
This is part of a monitored experiment to see if the bot can help answer questions alongside community members. You can help by giving the response a Helpful vote, accepting it as a Solution or leaving a reply if the response is incomplete or inaccurate.