12-11-2013 08:13 AM - edited 03-11-2019 08:16 PM
Hi all,
I'm having some problems with certs in a failover pair.
I've imported a wildcard cert onto the primary node in a failover pair. This cert was then bound to the outside interface. This is working on the primary node fine for clientless SSL VPNs. I also imported the CA cert.
When we fail over to the secondary node, the identity cert doesn't exist. The key is there and the CA cert is there, but there are no identity certificates installed.
As I need this to work properly during a failover, this isn't a good situation. Can anyone help get this sorted?
We're running ASA version 9.1.1 and ASDM 7.1.2.
12-11-2013 01:41 PM
You should be able to copy the cert over to the secondary ASA. The easiest way is to create a backup in ASDM and select All. The cert will be backed up in PKCS12 format, which can then be installed on the secondary ASA.
12-12-2013 03:17 AM
Thanks for the reply Colin.
Unfortunately, when I fail over to the standby device and try to import the cert, it says that the key already exists.
The trustpoint exists when I look at the command line.