12-17-2012 06:33 PM
Hi Guys,
We currently have an Active/Standby ASA Firewall set up with SSL VPN enabled. We found that the certificate does not sync to the standby unit. However, when I manually import the CA certificate into the standby unit, it somehow disappears after some time.
I understand that we need to do some Export and Import CA Certificates on ASA to make both have identical setting.
I tried the following command:-
crypto ca export trustpoint
hostname(config)# crypto ca export Main
crypto ca import trustpoint pkcs12
hostname(config)# crypto ca import Main pkcs12
But failed to export out the cert, I understand that it is only for ID cert and not CA cert?
The question is how can I sync both units to have the same identical certificate TrustPoint number?
05-26-2015 01:23 AM
Hi!
I have the same problem.
Have you ever found out how to copy the certificate on the standby ASA?
I have tried the "write standby" command on my ASA 8.2(1) but it does not work.
Thanks
05-26-2015 10:34 AM
Your certificates should sync to the standby unit. Is your failover working correctly? And are you using a recent ASA-version?
05-27-2015 01:20 AM
The failover works fine, the CA certificate is replicated to the Standby ASA and also the command "ssl trust-point trustpoint-name interfacename", but not the identity certificate.
I do have a quite old OS version.. ASA5520 with os 8.2(1), so maybe that's the problem..
05-27-2015 02:25 AM
Upgrade to the newest 8.2 release (8.2(5)57 is the newest in your release-train) and try again.