Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
869
Views
15
Helpful
4
Replies

ASA certificate expired, no adverse symptoms-- Just delete it?

Go to solution
jmaxwellUSAF
VIP
VIP

‎12-29-2022 01:35 PM

I'm tasked with cleaning-up ASA configs. There exist a few certificates that have expired 2 years ago with no adverse effects.

I already understand I should make new valid certificates, but honestly there seems no reason for this to be a priority.

Am I safe with just deleting these old certificates from the configuration?

Thank you!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to jmaxwellUSAF

‎12-29-2022 02:34 PM

@jmaxwellUSAF ok if that's their only usage get rid of them. No cert for RAVPN though?

You'll need a certificate in future if you need to connect to ASDM, at which point I suggest issuing a cert from your internal CA.

View solution in original post

4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎12-29-2022 01:44 PM - edited ‎12-29-2022 01:45 PM

@jmaxwellUSAF what is or was the certificate used for? Is it referenced in the configuration somewhere?...which would indicate whether its still in use.

Is it just a root CA certificate or identity certificate?

Go to solution
jmaxwellUSAF
VIP
VIP
In response to Rob Ingram

‎12-29-2022 02:29 PM

I did research the use of these certificates. They are for the ASDM. For security reasons my company does not allow use of the ADSM GUI. We must use only CLI. Anyway the certs expired over a year ago. 

If I need to create a new certificate, will these old certificates somehow prove useful? Or should I just delete them because they lack relevance?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to jmaxwellUSAF

‎12-29-2022 02:34 PM

@jmaxwellUSAF ok if that's their only usage get rid of them. No cert for RAVPN though?

You'll need a certificate in future if you need to connect to ASDM, at which point I suggest issuing a cert from your internal CA.

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-29-2022 01:47 PM

if they are old and redundant, there is no reason to keep it , I do not see any reason - you can delete them.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Customers Also Viewed These Support Documents