Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
860
Views
0
Helpful
1
Replies

Associated trustpoint on certificate - empty ?

tue_noergaard
Level 1
Level 1

‎01-16-2011 02:52 PM

Hi..

I have a asa 5505 with 8.3(2) software.

Some time back I installed a certificate, sighned by Godaddy, and it works..

Now I need to move to another ASA, and when I look at :

sh crypto ca certificates

Certificate

  Status: Available

  Certificate Serial Number: 4ef8d81ba7e7be

  Certificate Usage: General Purpose

  Public Key Type: RSA (2048 bits)

  Issuer Name:

    serialNumber=07969287

    cn=Go Daddy Secure Certification Authority

    ou=http://certificates.godaddy.com/repository

    o=GoDaddy.com\, Inc.

    l=Scottsdale

    st=Arizona

    c=US

  Subject Name:

    cn=vpn.mydomain.dk

    ou=Domain Control Validated

    o=vpn.mydomain.dk

  OCSP AIA:

    URL: http://ocsp.godaddy.com/

  CRL Distribution Points:

    [1]  http://crl.godaddy.com/gds1-25.crl

  Validity Date:

    start date: 00:17:32 CEDT Oct 27 2010

    end   date: 00:17:32 CEDT Oct 27 2012

  Associated Trustpoints:

I notice that the Assoicated trustpoint field is empty. That also means I can´t bo a backup of the certificate since that is done by naming trustpoint.

The trustpoint is in the config, but I don´t have the hex data to insert it again.

How do I associate the already installed certificate that is working with the trustpoint already configured ?

best regards

Tue Frei Noergaard

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎01-17-2011 11:20 AM

Tue,

Out of curiosity how did you import that certificate? You also need to give trustpoint name when enrolling a cert ...

Would it be possible for you to show us "show run" + "show cry key my rsa" (without actual dump if you're concerned).

Normally you can decode/export the DER format (the way IOS and ASA store the cert in running config), just remember to extract the RSA keys if you plan to import it anywhere else.

Marcin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents