Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
387
Views
5
Helpful
1
Replies

self-signed cert

Go to solution
Benjamin Saito
Level 1
Level 1

‎08-13-2014 12:09 PM - edited ‎03-11-2019 09:37 PM

I have a customer that is using an ASA 5515 and they are requesting the certificate for the webVPN to be changed to use 2048 bits for the Public Key. They didn't purchase or install a cert on this firewall so it is just using the default cert that was already installed and it used 1024 bits for the public key. Is there a way to change that to 2048 without having them purchase a new cert? Any help would be greatly appreciated. Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-13-2014 02:14 PM

Yes - first generate a new RSA key (making sure to specify 2048-bit key length) and then a new self-signed certificate using that key. Change the binding of your outside interface to tie to that newly created certificate.

After doing that, your users should see the 2048-bit key usage in the SSL certificate. I've been setting up ones I do like that lately and can confirm it works. See screen shot below.

View solution in original post

1 Reply 1

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-13-2014 02:14 PM

Yes - first generate a new RSA key (making sure to specify 2048-bit key length) and then a new self-signed certificate using that key. Change the binding of your outside interface to tie to that newly created certificate.

After doing that, your users should see the 2048-bit key usage in the SSL certificate. I've been setting up ones I do like that lately and can confirm it works. See screen shot below.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card