08-14-2019 04:30 AM
My system uses certificates to create point-to-point VPN connections; the certificate currently being used was created using OpenSSL and is due to expire.
I've created a new certificate via a Windows Cert server and loaded onto the ASAs as a new trustpoint.
When I adjust the crypto map to use the new trustpoint, the tunnel continues.
If I then delete the expired trustpoint and clear the crypto tunnels, the tunnel will not re-establish.
Is there a command I can run to see which certificate is being used as part of the establishment of the tunnel?
08-14-2019 06:15 AM
Did you just upload the newly signed cert only, or the new CA (signing server) as well, in other words the whole new chain?
08-14-2019 07:46 AM
Thanks for the update.
I've loaded a new root and device certificate.
When I use "show crypto ca certificate", I can see both certificate chains.