09-10-2010 07:10 AM
Hi,
I wold like to set-up cisco asa for a CA server and provide user authentiaction over digital certificates.
I'm wondering is there any way to do full backup and restore of configuration inlcuding local ca server (root certificate) user certificates and transver it to different ASA firewall in case of hw failiure?
10x
Solved! Go to Solution.
09-10-2010 12:07 PM
Please see the attached backup and restore procedure via CLI...
09-10-2010 12:07 PM
09-16-2010 03:33 AM
It works,
Regarding trust point, i have to delete old trustpoint lacal-ca-server and create new one.
Thanks
04-09-2014 04:39 PM
Will the backup and restore be worked on my case?
https://supportforums.cisco.com/discussion/12168126/asa-upgrade-localcaserver-issue
I upgraded a ASA firewall using the 8.6(1) version with the LOCAL_CA_SERVER, which is for the VPN clients, e.g. one time auth cert deployment, revoking.
Unfortunately, I have to upgrade the version to 9.1 or above, because I hit a bug. I discovered the LOCAL_CA_SERVER of the ASA is working, but the clients' cert. will be untrusted and the certed users will have to enter the username & password again to get the cert.
Why need to do that? I checked the trust points, the local certs, the db on local CA server .... all is matched as the b4 version. Why the b4 deployed clients' cert. will be untrusted? Any idea on that? Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide