
VPN Certificates - changing the trustpoint used by a point to point VPN

damor
Level 1

My system uses certificates to create point-to-point VPN connections. The certificate currently being used was created using OpenSSL and is due to expire.

I've created a new certificate via a Windows Cert server and loaded it onto the ASAs as a new trustpoint.

When I adjust the crypto map to use the new trustpoint, the tunnel continues.

 

If I then delete the expired trustpoint and clear the crypto tunnels, the tunnel will not re-establish.

Is there a command I can run to see which certificate is being used as part of the establishment of the tunnel? 


Dennis Mink
VIP Alumni

Did you just upload the newly signed cert only, or the new CA (signing server) as well? In other words, the whole new chain?

Please remember to rate useful posts, by clicking on the stars below.

Thanks for the update.
I've loaded a new root and device certificate.

 

When I use "show crypto ca certificate", I can see both certificate chains.
