cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
458
Views
0
Helpful
2
Replies

Managing certificates in a failover pair

Hi all,

I'm having some problems with certs in a failover pair.

I've imported a wildcard cert onto the primary node in a failover pair. This cert was then bound to the outside interface. This is working on the primary node fine for clientless SSL VPNs. I also imported the CA cert.

When we failover to the secondary node, the identity cert doesn't exist. The key is there and the CA cert is there, but there are not identity certificates installed.

As I need this work properly during a failover, this isn't a good situation. Can anyone help get this sorted?

We're running ASA version 9.1.1 and ASDM 7.1.2.

2 Replies 2

Collin Clark
VIP Alumni
VIP Alumni

You should be aable to copy the cert over to the secondary ASA. The easiest way is to create a backup in ASDM and select All. The cert will be backed up in PKCS12 format which can then be installed on the secondary ASA.

Thanks for the reply Colin.

Unfortunately, when I failover to the standby device and try to import the cert, it says that the key already exists.

The trustpoint exists when I look at the command line.

Review Cisco Networking for a $25 gift card