
Renew SSL Certs on ASA

salkatib
Level 1

I have been trying to renew this SSL Cert, but now I'm required to make the key size at least 2048. The current size is 1024.

I changed the key to 2048 using this command "ASA(config)# crypto key generate rsa label ciscoca modulus 2048" then,

I generated the CSR using "ASA(config)# crypto ca enroll ciscoca"

When I test my CSR it fails and shows that I still have a key size of 1024.

Any ideas why it's not taking the new key size?

1 Accepted Solution


Farrukh Haroon
VIP Alumni

Hello Saleh

After generating the key-pair you have to associate it with a trustpoint. Then you need to enroll to the RA/CA.

You are missing the step in the middle. Please look at the following link:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808b3cff.shtml#step2

Please rate if helpful.

Regards

Farrukh



Thanks Farrukh,

I just noticed that I included the trustpoint "ciscoca" instead of the keypair "sslvpnkeypair" when I changed the key size by mistake.

The command should have been:

"ASA(config)# crypto key generate rsa label sslvpnkeypair modulus 2048"

The steps from the document helped too.

-Saleh
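
The order described in the accepted answer, using the key-pair label and trustpoint name from this thread, as an added example that is not part of the original posts or of the linked Cisco document. It assumes manual (terminal) enrollment, since the poster generates and tests a CSR; the `show` commands are an added check to run before and after enrolling.

```cisco
! Added example: names "sslvpnkeypair" and "ciscoca" are taken from the thread.
! "enrollment terminal" is an assumption (CSR is copied to the CA by hand).

! Step 1: generate the 2048-bit key pair under the KEY-PAIR label,
! not under the trustpoint name.
ASA(config)# crypto key generate rsa label sslvpnkeypair modulus 2048

! Check: confirm the key pair named sslvpnkeypair now reports 2048 bits.
ASA(config)# show crypto key mypubkey rsa

! Step 2 (the step in the middle): associate the key pair with the trustpoint.
! The CSR is built from whichever key pair the trustpoint references.
ASA(config)# crypto ca trustpoint ciscoca
ASA(config-ca-trustpoint)# keypair sslvpnkeypair
ASA(config-ca-trustpoint)# enrollment terminal
ASA(config-ca-trustpoint)# exit

! Check: the trustpoint should list "keypair sslvpnkeypair".
ASA(config)# show running-config crypto ca trustpoint ciscoca

! Step 3: enroll to produce the CSR for the CA.
ASA(config)# crypto ca enroll ciscoca
```

Generating a key under a different label, as in the original question, creates a separate key pair that the trustpoint does not reference, so the CSR keeps reporting the old 1024-bit key.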