09-03-2020 05:33 AM
Hello everybody.
We are going to replace the old SSL certificate on a Firepower 1140 with a new SSL certificate. If I understood correctly, for this action I need to delete the current certificate from the current AnyConnect connection
Delete it from the PKI certificates
After that, I need to add a new SSL certificate with the same name and link it to the appropriate interface in the AnyConnect profile.
Is this procedure correct, or does the SSL certificate need to be changed another way?
09-03-2020 05:39 AM
Hi,
You don't need to delete the old certificate first. You can create the new trustpoint, authenticate and enrol. You would then just select the new identity certificate from the drop-down list and deploy the policy. Once you've confirmed the new certificate is working you can then remove the old trustpoint.
HTH
09-03-2020 05:51 AM
But if the old and new SSL certificates should have the same name, is it possible to do it your way?
For example, the current (old) certificate is vpn.contoso.com
The new certificate should also be vpn.contoso.com
Can I create two certificates with the same name?
09-03-2020 05:53 AM
Well no, not if you want to use the same name. Obviously in that scenario you would have to delete the old certificate, but then you cannot revert to the old certificate if there was an issue. The trustpoint name does not necessarily need to match the name of the certificate's FQDN.
09-03-2020 06:11 AM
I added the new SSL certificate as vpn1.contoso.com.
And now I can try it as vpn1.contoso.com
If everything is fine with the new SSL certificate, I can delete the old SSL certificate. Is this correct?
09-03-2020 06:17 AM
Yes, once you've completed the process to import the new certificate, the certificate should state "available".
Deploy the policy to the FTD and confirm the new certificate is working correctly; at this point you can safely delete the old certificate trustpoint.
09-03-2020 06:27 AM
It works.