09-07-2018 08:54 AM - edited 02-21-2020 08:12 AM
I would like to remove the Default-RSA-Key from my HA ASA 5525-X with FirePower, as it was only created with 1024 bits, but I have a few questions...
Here are my current RSA keys:
asa/act# sh crypto key mypubkey rsa
Key pair was generated at: 08:10:21 EDT May 8 2018
Key name: <Default-RSA-Key>
Usage: General Purpose Key
Modulus Size (bits): 1024
Storage: config
Key Data:
***
Key pair was generated at: 14:48:38 EDT Aug 24 2018
Key name: HSN_ASA
Usage: General Purpose Key
Modulus Size (bits): 2048
Storage: config
Key Data:
***
Key pair was generated at: 14:57:49 EDT Aug 24 2018
Key name: HSN_ASA_ENC
Usage: Signature Key
Modulus Size (bits): 2048
Storage: config
Key Data:
***
Key pair was generated at: 14:57:49 EDT Aug 24 2018
Key name: HSN_ASA_ENC
Usage: Encryption Key
Modulus Size (bits): 2048
Storage: config
Key Data:
***
Key pair was generated at: 02:45:02 EDT Sep 6 2018
Key name: <Default-RSA-Key>.server
Usage: Encryption Key
Modulus Size (bits): 768
Storage: config
Key Data:
***
Thanks in advance.
John
09-07-2018 10:31 AM - edited 09-07-2018 10:33 AM
Hi John,
Yes, using the command "crypto key zeroize rsa" will remove all keys. This affects keys marked "Storage: config", which yours are. You could use the command "crypto key zeroize rsa label XXXX" to delete a specific key or "crypto key zeroize rsa default" for the default key.
Sorry I don't 100% know the answers to your other questions and don't have a lab to test, hopefully someone else can help you further.
HTH
09-11-2018 06:00 AM
Thanks for your reply.
So if I use the command crypto key zeroize rsa default to remove the default keys, I get the following warning...
WARNING: The default RSA key pair will be removed
WARNING: All device digital certificates issued using these keys will also be removed and
the associated trustpoints may not function correctly.
How can I check to see what certificates were issued with these keys so I can assess the impact to other services once the default keys are removed?
Thanks.
John
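Added example, not part of any post in this thread: a small Python parser for the "sh crypto key mypubkey rsa" listing in the first post that reports which key pairs fall below a minimum modulus size. The 2048-bit floor and the function names are assumptions; the sample is abridged from the posted output (three of the five entries).

```python
# Sample input abridged from the listing in the first post; Key Data is
# redacted ("***") exactly as it was posted.
SAMPLE = """\
Key pair was generated at: 08:10:21 EDT May 8 2018
Key name: <Default-RSA-Key>
Usage: General Purpose Key
Modulus Size (bits): 1024
Storage: config
Key Data:
***
Key pair was generated at: 14:48:38 EDT Aug 24 2018
Key name: HSN_ASA
Usage: General Purpose Key
Modulus Size (bits): 2048
Storage: config
Key pair was generated at: 02:45:02 EDT Sep 6 2018
Key name: <Default-RSA-Key>.server
Usage: Encryption Key
Modulus Size (bits): 768
Storage: config
"""

MIN_BITS = 2048  # assumed policy floor, not a value stated in the thread

# Field labels as they appear in the posted output, mapped to dict keys.
FIELDS = {
    "Key pair was generated at": "generated",
    "Key name": "name",
    "Usage": "usage",
    "Modulus Size (bits)": "bits",
    "Storage": "storage",
}

def parse_keys(text):
    """Split the listing into one dict per key pair entry."""
    keys = []
    for line in text.splitlines():
        label, sep, value = line.strip().partition(":")
        if not sep or label not in FIELDS:
            continue  # prompt line, "Key Data:", "***" and blanks are skipped
        if label == "Key pair was generated at":
            keys.append({})  # this label opens every entry
        if keys:
            keys[-1][FIELDS[label]] = value.strip()
    return keys

def weak_keys(text, min_bits=MIN_BITS):
    """Return (name, usage, bits) for entries below min_bits; missing size counts as 0."""
    rows = [(k.get("name"), k.get("usage"), int(k.get("bits", "0"))) for k in parse_keys(text)]
    return [r for r in rows if r[2] < min_bits]
```
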