Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
842
Views
0
Helpful
2
Replies

Renew pki certificate for VPN

feableee123
Level 1
Level 1

‎12-29-2015 07:07 AM

Hello,

I have  cisco 1921 platform with vpn configured. My certificate is going to expire in few weeks.

I need to send new crs request for renew certificate to my router. I have a few questions:

- do I need configure new keypair  or  can use keypair that signed my old cert  on my router ?

- it is possible to have more than 1 keypair on router ?

My pki trusted point look like:

crypto pki trustpoint   tpoint1
 enrollment terminal pem
 serial-number none
 ip-address x.x.x.x
 subject-name CN=xxxxx,O=yyyyyy,OU=it,C
 revocation-check none
 rsakeypair my_key1

To generate crs  to renew certificate ( old cert should work until new cert is signed by CA)

shoud I create new trusted point  with new keys ?

than generate request

crypto pki enroll   tpoint2  

regards,

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-29-2015 07:34 AM

There's no need to regenerate your private RSA key although you can if you want to.

As long as the current one is 2048-bit I'd keep that one.

You can have more than one key on the device.

0 Helpful

feableee123
Level 1
Level 1
In response to Marvin Rhoads

‎12-31-2015 02:26 AM

Thanks Marvin,

I still dont understand how trustpoint is connected with my ipsec site-to-site connection ( connection should work until I send crs request, and get new certificate back).

If I create second trustpoint 2  with the same keys to generate new crs   - how it works, because in

vpn ipsec configuration there is info what trustpoint use.

0 Helpful
Customers Also Viewed These Support Documents