10-07-2022 04:03 AM
Hi Community,
On an Asa 5505 i want to add a Identity Certifikate. I have a new Certificate File (.crt) But i need a Passphrase. What passphrase please?
So this do not works.
Next Idea: Converting the Certifikat. So i need my "private key" stored somewhere in the ASA. How do get this private key?
10-07-2022 04:47 AM
If you created the CSR on the ASA then the private key would be already stored in the ASA, so you don't have to worry about it. However, if you are trying to install a cert of which its CSR was not generated on the ASA, then you should create a PKCS12 file which will include both the cert, root cert, subroot cert, as well as the private key. Regarding the password that would be required that will be the password that has been used when the PKCS12 file was created.
10-10-2022 12:58 AM
Ok, I'll try a better description of the problem:
I have a certicat on the ASA that will expire soon.
I therefore received a new certificate ,.CRT files, not a PKCS12 file, automatically without creating a CSR file. The previous CSR file generated on the ASA should continue to apply.
I just want to update the expiring certificate.
How does it work?
10-10-2022 01:05 AM
The existing certificate will expire, there is nothing you can do to update that specific certificate. To replace the certificate you would need to create a CSR on the ASA that contains the same CN, SAN, etc. that the current certificate has and then get that CSR signed by the certificate authority (be sure to request the full certificate chain back). Then complete the certificate import on the ASA and the new certificate will be added to the ASA. Now you need to identify the services that the current certificate is being used for and then replace it with the new certificate within those services.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide