Trustpoint Recovery?

Brian M
Level 1

How do you recover a trustpoint from the certificates that are still stored in nvram?

Is it a matter of exporting the cert and importing it back?

I would like to be able to do it via the CLI without having to export it if possible.

Thanks!!

1 Reply

busterswt
Level 1

My experience is only with an ASA, but you could try exporting the trustpoint in pkcs12 format, which should contain both the cert and private keys:

crypto ca export trustpoint pkcs12 passphrase

-trustpoint being the trustpoint name

-passphrase being a password you want to use to protect the output with

The ASA should output the base64-encoded pkcs12 file to the terminal screen, and you can copy/paste it into Notepad. When you want to import back into the same or a different firewall, just use the 'import' command:

crypto ca import trustpoint pkcs12 passphrase

The trustpoint name doesn't have to be the same as the one you exported. You'll paste in the pkcs12 output you just copied.

I believe if you've deleted the trustpoint you'll also lose the associated keys. Not 100% on that though. You can't recover the keys from the chain cert.

Hope this is what you're looking for.

- James
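
One way to confirm, off the firewall, that the text pasted from the export really holds both a certificate and a private key before the trustpoint is touched. This is an added example, not part of the original thread. It assumes a workstation with OpenSSL and GNU base64, a paste that may carry BEGIN/END PKCS12 marker lines, and the passphrase supplied in a hypothetical P12_PASS environment variable:

```shell
#!/bin/sh
# Added example: check a pasted PKCS12 export offline (OpenSSL + GNU base64).
# Assumptions: passphrase is in the P12_PASS environment variable (hypothetical
# name); the paste may carry -----BEGIN/END PKCS12----- lines and CRLF endings.

verify_asa_p12() {
    paste_file=$1
    if [ -z "${P12_PASS:-}" ]; then
        echo "set P12_PASS to the export passphrase" >&2
        return 2
    fi
    export P12_PASS                      # openssl reads it via -passin env:
    tmp=$(mktemp) || return 2            # mktemp creates the file mode 0600

    # Drop marker lines, spaces and carriage returns, then decode to DER.
    if ! grep -v '^-----' "$paste_file" | tr -d ' \r' | base64 -d > "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        echo "paste is not valid base64" >&2
        return 2
    fi

    # Count certificates; -nokeys means no key material is written out.
    certs=$(openssl pkcs12 -in "$tmp" -passin env:P12_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE' || true)
    # Count private keys; the decrypted key only passes through the pipe to grep.
    keys=$(openssl pkcs12 -in "$tmp" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        grep -c 'BEGIN.*PRIVATE KEY' || true)
    rm -f "$tmp"

    echo "certificates: $certs, private keys: $keys"
    # Usable for re-import only if both are present.
    [ "$certs" -ge 1 ] && [ "$keys" -ge 1 ]
}

if [ "$#" -gt 0 ]; then
    verify_asa_p12 "$1"
fi
```

OpenSSL 3 needs the additional `-legacy` option to read bundles protected with older algorithms such as RC2-40, so a failure on a current workstation does not by itself mean the export is bad.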
