Beginner

VPN Certificates - changing the trustpoint used by a point to point VPN

My system uses certificates to create point-to-point VPN connections. The certificate currently being used was created using OpenSSL and is due to expire.

I've created a new certificate via a Windows Cert server and loaded it onto the ASAs as a new trustpoint.

When I adjust the crypto map to use the new trustpoint, the tunnel continues.

If I then delete the expired trustpoint and clear the crypto tunnels, the tunnel will not re-establish.

Is there a command I can run to see which certificate is being used as part of the establishment of the tunnel? 

VIP Advisor

Re: VPN Certificates - changing the trustpoint used by a point to point VPN

Did you upload only the newly signed cert, or the new CA (signing server) as well, in other words the whole new chain?

Please remember to rate useful posts, by clicking on the stars below.

Beginner

Re: VPN Certificates - changing the trustpoint used by a point to point VPN

Thanks for the update.
I've loaded a new root and device certificate.

When I use "show crypto ca certificate", I can see both certificate chains.