08-14-2011 02:18 PM
I have been trying to renew this SSL Cert, but now I'm required to make the key size at least 2048. the current size is 1024.
I changed the key to 2048 using this command "ASA(config)# crypto key generate rsa label ciscoca modulus 2048" then,
I generated the CSR using "ASA(config)# crypto ca enroll ciscoca"
when I test my CSR it fails and shows that I still have key size of 1024.
Any Ideas why it's not taking the new key size???
Solved! Go to Solution.
08-17-2011 05:13 AM
Hello Saleh
After generating the key-pair you have to associate it with a truspoint. Then you need to enroll to the RA/CA.
You are missing the step in the middle. Please look at the following link:
Please rate if helpful.
Regards
Farrukh
08-17-2011 05:13 AM
Hello Saleh
After generating the key-pair you have to associate it with a truspoint. Then you need to enroll to the RA/CA.
You are missing the step in the middle. Please look at the following link:
Please rate if helpful.
Regards
Farrukh
08-18-2011 11:20 PM
Thanks Farrukh,
I just noticed that I included the trustpoint "ciscoca" instead of the keyapair "sslvpnkeypair" when i changed the keysize by mistake.
command should have been:
"ASA(config)# crypto key generate rsa label sslvpnkeypair modulus 2048"
the steps from the document helped too.
-Saleh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide