06-08-2022 02:04 PM
Hello,
I have this Cisco ASA that has an expired SSL certificate in it, and it is causing my company's monitoring system to constantly throw alerts. I would like to delete the certificate, but I don't know if it's being used by anything. I have done a "show run | i certificate_name_xyz" and all I get is 2 entries. One is:
crypto ca trustpoint ASDM_TrustPoint1
enrollment terminal
crl configure
and the second entry is the actual certificate it seems:
crypto ca certificate chain ASDM_TrustPoint1
certificate ca 0a0142800
30820560 30820348 a0030201 0202100a 01428000 00014523 c844b500 00000230........
So, how can I check or know if this certificate is being used by anything? Thank you.
06-08-2022 02:12 PM
@m4k3rz do a search for the trustpoint name in the configuration.
If the trustpoint is in use you'd see something like this - ssl trust-point LAB_PKI OUTSIDE or crypto ikev2 remote-access trustpoint LAB_PKI line 2, where LAB_PKI is the trustpoint name.
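The search suggested above, run offline against a saved running-config, as an added example that is not part of the original posts. It reports every line that names the trustpoint outside the `crypto ca trustpoint` and `crypto ca certificate chain` blocks, so it is not limited to the two commands quoted in the reply; the function name, the constructed sample config, and the assumption that the saved file keeps the leading indentation of sub-commands are assumptions of this example.

```python
import re

# Constructed sample config (not from a real device); hex body is shortened filler.
SAMPLE_CONFIG = """\
crypto ca trustpoint ASDM_TrustPoint1
 enrollment terminal
 crl configure
crypto ca trustpoint LAB_PKI
 enrollment terminal
 crl configure
crypto ca certificate chain ASDM_TrustPoint1
 certificate ca 0a0142800
    30820560 30820348
  quit
crypto ikev2 remote-access trustpoint LAB_PKI
ssl trust-point LAB_PKI OUTSIDE
"""

# Top-level commands that only define a trustpoint or hold its certificates.
DEFINITION = re.compile(r"^crypto ca (trustpoint|certificate chain) \S+\s*$")


def trustpoint_references(config_text, name):
    """Return [(line_no, line)] for lines that use `name` outside definition blocks."""
    # Whole-token match so LAB_PKI does not also match LAB_PKI2.
    token = re.compile(r"(?<!\S)" + re.escape(name) + r"(?!\S)")
    refs = []
    in_definition = False
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():
            # Unindented line: a new top-level command starts here.
            in_definition = bool(DEFINITION.match(line))
            if in_definition:
                continue
        elif in_definition:
            # Indented sub-command or certificate hex inside a definition block.
            continue
        if token.search(line):
            refs.append((line_no, line.strip()))
    return refs


if __name__ == "__main__":
    for tp in ("ASDM_TrustPoint1", "LAB_PKI"):
        hits = trustpoint_references(SAMPLE_CONFIG, tp)
        print(tp, "->", hits if hits else "no references outside its definition")
```

An empty result means the name appears only in its own definition and certificate chain in that saved config.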
06-09-2022 11:46 AM
Thank you very much Rob!
07-06-2022 11:56 AM
Thanks Rob, are those the only 2 scenarios where we can see a certificate being in use on an ASA (the ones you mentioned: ssl trust-point and crypto ikev2)? I just want to make sure we are covering all the potential options.
Thank you!