how to delete old trustpoint and keypair created in ASDM

james.king14
Level 1

Would like to know how to delete old or unused keypair(s) and trustpoints in ASA.

Trustpoint Godaddy_2024:
Subject Name:
cn=Starfield Secure Certificate Authority - G2
ou=http://certs.starfieldtech.com/repository/
o=Starfield Technologies\, Inc.
l=Scottsdale
st=Arizona
c=US
Serial Number: 07
Certificate configured.


Trustpoint SSL-GD2024:
Subject Name:
cn=Starfield Secure Certificate Authority - G2
ou=http://certs.starfieldtech.com/repository/
o=Starfield Technologies\, Inc.
l=Scottsdale
st=Arizona
c=US
Serial Number: 07
Certificate configured.

Milos_Jovanovic
VIP Alumni

Hi @james.king14,

You should be able to go to Configuration / Device Management / Certificate Management and pick either the Identity or CA certificate you want to delete.

Kind regards,

Milos

Hello Milos,

I tried that already and found that under the ASDM the CA certs are going under the CA named cert which is the same as last year. Star Point from Godaddy.

james.king14
Level 1

Also, how do you discard the enrolled keypairs?

Milos_Jovanovic
VIP Alumni

Hi @james.king14,

I'm not much of an ASDM user, so I don't know all the tricks. I would expect to see CA certificates here, as this is the CA section. If you are looking into deleting an identity certificate, you should click one field lower. However, the ASA usually links the CA certificate along with the identity certificate (there are rare cases where those two are not tied together). One CA can also be linked to multiple identity certificates.

You can use the CLI command "show crypto ca trustpoints" to check all of the configured/imported certificates on your ASA. There you can also see the associated keys, which can then be deleted with "crypto key zeroize rsa label key_name".

Kind regards,

Milos

Hi Milos

First let me state that your “crypto zeroize” statement works wonders. Thank you for that solution. Can you remind me how to get rid of old trustpoints?

CLI rules!

You can list all trustpoints with the command "show crypto ca trustpoints", and then simply delete the selected one with "no crypto ca trustpoint MyTPoint".

Kind regards,

Milos
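An added example, not part of the thread: a pre-deletion check that reads saved `show running-config` text and emits the two cleanup commands quoted above only for trustpoints nothing references and for keypairs that only those trustpoints use. The keypair labels, the `Old_2023` trustpoint and the function names are constructed for illustration; it assumes every consumer of a trustpoint names it after `trust-point` or `trustpoint`, and it ignores trustpoints with no `keypair` line.

```python
import re

# Constructed running-config excerpt; trustpoint names are the thread's,
# keypair labels and the Old_2023 trustpoint are made up for illustration.
SAMPLE_CONFIG = """\
crypto ca trustpoint Godaddy_2024
 enrollment terminal
 keypair GD-KEY-2024
crypto ca trustpoint SSL-GD2024
 enrollment terminal
 keypair GD-KEY-2024
crypto ca trustpoint Old_2023
 enrollment terminal
 keypair GD-KEY-2023
ssl trust-point SSL-GD2024 outside
"""

DEFN = re.compile(r"^crypto ca trustpoint (\S+)\s*$")
KEYPAIR = re.compile(r"^\s+keypair (\S+)")
# Assumption: anything that uses a trustpoint names it after one of these keywords.
REF = re.compile(r"\b(?:trust-point|trustpoint)\s+(\S+)")

def audit(config):
    """Return (unreferenced trustpoints, keypairs only they use)."""
    keypair_of, referenced, current = {}, set(), None
    for line in config.splitlines():
        defn = DEFN.match(line)
        if defn:
            current = defn.group(1)
            keypair_of[current] = None
            continue
        if not line.startswith(" "):
            current = None          # left the trustpoint sub-mode
        kp = KEYPAIR.match(line)
        if current and kp:
            keypair_of[current] = kp.group(1)
        else:
            referenced.update(REF.findall(line))
    unused = sorted(tp for tp in keypair_of if tp not in referenced)
    in_use_keys = {keypair_of[tp] for tp in referenced if keypair_of.get(tp)}
    stale_keys = sorted({keypair_of[tp] for tp in unused if keypair_of[tp]} - in_use_keys)
    return unused, stale_keys

def cleanup_commands(config):
    """Commands from the thread, emitted only for objects nothing references."""
    unused, stale_keys = audit(config)
    return ([f"no crypto ca trustpoint {tp}" for tp in unused]
            + [f"crypto key zeroize rsa label {k}" for k in stale_keys])

if __name__ == "__main__":
    print("\n".join(cleanup_commands(SAMPLE_CONFIG)))
```

In the sample, `GD-KEY-2024` is not zeroized even though an unused trustpoint names it, because the trustpoint bound to the outside interface shares that key.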