ASA certificate expired, no adverse symptoms-- Just delete it?

I'm tasked with cleaning up ASA configs. There exist a few certificates that expired 2 years ago with no adverse effects.

I already understand I should make new valid certificates, but honestly there seems to be no reason for this to be a priority.

Am I safe with just deleting these old certificates from the configuration?

Thank you!

@jmaxwellUSAF what is or was the certificate used for? Is it referenced in the configuration somewhere? ...which would indicate whether it's still in use.

Is it just a root CA certificate or identity certificate?

I did research the use of these certificates. They are for the ASDM. For security reasons my company does not allow use of the ASDM GUI. We must use only CLI. Anyway, the certs expired over a year ago.

If I need to create a new certificate, will these old certificates somehow prove useful? Or should I just delete them because they lack relevance?

@jmaxwellUSAF ok if that's their only usage get rid of them. No cert for RAVPN though?

You'll need a certificate in future if you need to connect to ASDM, at which point I suggest issuing a cert from your internal CA.

balaji.bandi

If they are old and redundant, there is no reason to keep them. I do not see any reason; you can delete them.

BB

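The check raised in the replies (is the certificate's trustpoint referenced anywhere in the configuration?), as an added example that is not part of the thread. It reads a saved running-config and lists every `crypto ca trustpoint` whose name appears on no line outside its own definition and certificate chain; the sample config, the trustpoint names and the function names are constructed for illustration.

```python
import re

# Constructed, abbreviated sample of an ASA running-config (certificate hex omitted).
SAMPLE_CONFIG = """\
crypto ca trustpoint ASDM_TP_OLD
 enrollment self
 keypair ASDM_TP_OLD
crypto ca trustpoint VPN_TP
 enrollment terminal
crypto ca certificate chain ASDM_TP_OLD
 certificate 01
  quit
crypto ca certificate chain VPN_TP
 certificate 02
  quit
ssl trust-point VPN_TP outside
tunnel-group PEER1 ipsec-attributes
 ikev1 trust-point VPN_TP
"""

DEFINITION = re.compile(r"^crypto ca trustpoint (\S+)\s*$")
CHAIN = re.compile(r"^crypto ca certificate chain (\S+)\s*$")

def trustpoint_usage(config_text):
    """Map each defined trustpoint to the config lines that reference it."""
    lines = config_text.splitlines()
    names = [m.group(1) for line in lines if (m := DEFINITION.match(line))]
    usage = {name: [] for name in names}
    in_own_block = False  # inside a trustpoint definition or its certificate chain
    for line in lines:
        if not line.startswith(" "):
            # A top-level line starts a new block; note whether it is the trustpoint's own.
            in_own_block = bool(DEFINITION.match(line) or CHAIN.match(line))
        if in_own_block:
            continue  # the definition (keypair, enrollment, cert body) is not a use
        tokens = line.split()
        for name in names:
            if name in tokens:
                usage[name].append(line.strip())
    return usage

def unreferenced(config_text):
    """Trustpoints that nothing else in the configuration points at."""
    return sorted(n for n, refs in trustpoint_usage(config_text).items() if not refs)

if __name__ == "__main__":
    for name, refs in trustpoint_usage(SAMPLE_CONFIG).items():
        print(name, "->", refs or "no references")
```

Matching on the trustpoint name rather than on specific keywords means any command that names it counts as a reference, so an empty result is a conservative signal that nothing else in the config depends on it.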