Solved: Re: How to install GoDaddy SSL Certificate to Cisco ASA (CSR not generated from ASA)

latenaite2011 · ‎02-02-2018

Just wondering how I can install a SSL certificiate from GoDaddy is it was renewed directly on there. The CSR was not regenerated on the ASA and the system admin just chose to renew the SSL Certificate on the GoDaddy's admin panel directly and provided me with the new certificates. Not sure how to install this without the private key.

thanks,

LN

Rahul Govindan · ‎02-02-2018

If you renewed the cert without providing a CSR, they probably used the same keypair. The private key of this keypair is already on the ASA. You can go to the ASDM and add a new identity certificate. In the dropdown for RSA keypair, choose the keypair associated with the trustpoint that had the expiring cert. This should associate the certificate with that private key.

View solution in original post

Rahul Govindan · ‎02-02-2018

If you renewed the cert without providing a CSR, they probably used the same keypair. The private key of this keypair is already on the ASA. You can go to the ASDM and add a new identity certificate. In the dropdown for RSA keypair, choose the keypair associated with the trustpoint that had the expiring cert. This should associate the certificate with that private key.

latenaite2011 · ‎02-02-2018

Ok, I can select that old keypair but how do I associate that under this this with the new certificate? I can't install the SSL certificate from here.

Rahul Govindan · ‎02-02-2018

Apologies, I missed the last step in the process. Create the trustpoint by clicking 'Add Certificate'. Then click on 'Install' for the certificate trustpoint is created.