move SSL Cert from one device to another on Cisco ASA

manish arora
Level 6

Hello Everyone,

Is it possible to move an SSL certificate + key from one Cisco ASA to another? I hope it's possible, and if someone can guide me towards the correct documentation that would be perfect.

Thank you

Manish

1 Accepted Solution

Julio Carvajal
VIP Alumni

Hello,

This document will do it for you

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809fcf91.shtml#copycert

Check the "How to copy SSL certificates from one ASA to another"

Regards,

Any other question..Sure.. Just remember to rate all of my answers.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thanks dude!

Manish

We have an ASA5550 running 8.2(5) that we're using as a VPN terminator; it died yesterday when we had a power glitch in the data center, and we're temporarily installing a spare 5510 (we don't have a spare 5550) until it's replaced.  But the RSA keys on the spare don't match the ones on the old firewall, so when we try to install the old cert it fails:

ERROR: Keypair cannot be found for trustpoint UMVPN3-INCOMMON-MAY2020.

The old ASA is dead, so we can't do a straight export/import - all we have to work with is what's in yesterday's config backup...

I gather there's no way to extract the original keys from this; is there any way to recover in this case?  Or must we export the certs from the ASAs with a "crypto ca export" and save copies of these in a secure location?

Mark Walters
Level 1

Worth noting that RSA keys on an ASA can be exported at any time. That's not the case with RSA keys on an IOS device, which require that you initially create the keys with the "exportable" keyword.

https://supportforums.cisco.com/docs/DOC-13553

cheers

mark
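
The "Keypair cannot be found" failure reported above comes from the fact that an ASA config backup carries trustpoint definitions and certificate chains but not the RSA private keys. As an added example (not code from the thread or from Cisco), this Python script scans a config backup for trustpoints that hold an identity certificate and reports which ones have no PKCS12 export on file. The function names, `EXAMPLE-VPN-KEY`, `EXAMPLE-ROOT-CA` and the hex bytes are constructed for illustration.

```python
import re

# Constructed sample of an ASA config backup (not from the thread); the
# keypair name, CA trustpoint name and hex bytes are placeholders.
SAMPLE_BACKUP = """\
crypto ca trustpoint UMVPN3-INCOMMON-MAY2020
 enrollment terminal
 keypair EXAMPLE-VPN-KEY
 crl configure
crypto ca trustpoint EXAMPLE-ROOT-CA
 enrollment terminal
crypto ca certificate chain UMVPN3-INCOMMON-MAY2020
 certificate 0a1b2c
    30820122 300d0609
  quit
crypto ca certificate chain EXAMPLE-ROOT-CA
 certificate ca 01
    30820122 300d0609
  quit
"""

def trustpoints_needing_key(config_text):
    """Return {trustpoint: keypair name} for trustpoints holding an identity cert."""
    keypairs, identity, section = {}, set(), None
    for line in config_text.splitlines():
        m = re.match(r"crypto ca (trustpoint|certificate chain) (\S+)", line)
        if m:
            section = (m.group(1), m.group(2))
            continue
        if section is None or not line.startswith(" "):
            section = None          # outside an indented sub-block
            continue
        words = line.split()
        if section[0] == "trustpoint" and words[:1] == ["keypair"] and len(words) > 1:
            keypairs[section[1]] = words[1]
        # "certificate <serial>" is an identity cert; "certificate ca <serial>" is a CA cert
        elif section[0] != "trustpoint" and words[:1] == ["certificate"] and words[1:2] != ["ca"]:
            identity.add(section[1])
    # With no "keypair" line the ASA uses its default RSA key
    return {tp: keypairs.get(tp, "<Default-RSA-Key>") for tp in sorted(identity)}

def missing_exports(config_text, exported_trustpoints):
    """Trustpoints whose identity cert cannot be restored from the backup alone."""
    needed = trustpoints_needing_key(config_text)
    return {tp: kp for tp, kp in needed.items() if tp not in set(exported_trustpoints)}

if __name__ == "__main__":
    for tp, kp in missing_exports(SAMPLE_BACKUP, []).items():
        print(f"{tp}: needs PKCS12 export (keypair {kp})")
```

Pass the list of trustpoints for which a `crypto ca export` PKCS12 file is already stored as `exported_trustpoints`; anything returned is a certificate that a config restore alone cannot bring back.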
