cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
838
Views
0
Helpful
2
Replies
Beginner

Renew SSL Certs on ASA

I have been trying to renew this SSL Cert, but now I'm required to make the key size at least 2048. the current size is 1024.

I changed the key to 2048 using this command "ASA(config)# crypto key generate rsa label ciscoca modulus 2048" then,

I generated the CSR using "ASA(config)# crypto ca enroll ciscoca"

when I test my CSR it fails and shows that I still have key size of 1024.

Any Ideas why it's not taking the new key size???

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Renew SSL Certs on ASA

Hello Saleh

After generating the key-pair you have to associate it with a truspoint. Then you need to enroll to the RA/CA.

You are missing the step in the middle. Please look at the following link:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808b3cff.shtml#step2

Please rate if helpful.

Regards

Farrukh

2 REPLIES 2
Highlighted

Renew SSL Certs on ASA

Hello Saleh

After generating the key-pair you have to associate it with a truspoint. Then you need to enroll to the RA/CA.

You are missing the step in the middle. Please look at the following link:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808b3cff.shtml#step2

Please rate if helpful.

Regards

Farrukh

Beginner

Renew SSL Certs on ASA

Thanks Farrukh,

I just noticed that I included the trustpoint "ciscoca" instead of the keyapair "sslvpnkeypair" when i changed the keysize by mistake.

command should have been:

"ASA(config)# crypto key generate rsa label sslvpnkeypair modulus 2048"

the steps from the document helped too.

-Saleh