Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
80
Views
0
Helpful
1
Replies

ASA 5512 Certificate and Trustpoints Question

aaron-rousch
Level 1
Level 1

‎02-12-2025 01:53 PM

Good Day

I have a Cisco 5512-X Firewall with an expiring Identity Certificate that I already plan on getting Re-keyed by the CA Authority (Go-Daddy)

i have already made a plan to create a new Trust point and have it pending so when the new CSR gets re-keyed I will install it immediately.

Do I have to get a new CA Certificate as well? 

its from Go-Daddy and it's not getting changed anytime soon, as the CA Certificate doesn't expire until 2031, while the Identity Certificate will expire near the end of this month.

 

Thank you for your time and assistance as always. 

Labels:
0 Helpful
1 Reply 1

JP Miranda Z
Cisco Employee
Cisco Employee

‎02-12-2025 07:18 PM - edited ‎02-12-2025 07:18 PM

Hi aaron-rousch,

Usually you don't really need to install the CA again unless you are changing the Certificate Authority from GD to anything else or GD CA cert is expired.

You can download the certificate from GoDaddy and look at the chain just to make sure the CA certificate is the same, for example if you open the .crt you should see something like this:

JPMirandaZ_1-1739416548535.png

If you double click on the CA you should be able to see the Serial number in the Details to compare with the one on your ASA by running the command show cry ca certificates:

JPMirandaZ_2-1739416645740.png

Hope this helps!

 

-JP-

 

0 Helpful
Customers Also Viewed These Support Documents