move SSL Cert from one device to another on Cisco ASA

Hello Everyone,

Is it possible to move an SSL certificate + key from one Cisco ASA to another? I hope it's possible, and if someone can guide me towards the correct documentation, that would be perfect.

Thank you

Manish

Accepted Solutions

move SSL Cert from one device to another on Cisco ASA

Hello,

This document will do it for you

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809fcf91.shtml#copycert

Check the "How to copy SSL certificates from one ASA to another" section.

Regards,

Any other question..Sure.. Just remember to rate all of my answers.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

move SSL Cert from one device to another on Cisco ASA

Thanks dude!

Manish

Re: move SSL Cert from one device to another on Cisco ASA

We have an ASA5550 running 8.2(5) that we're using as a VPN terminator; it died yesterday when we had a power glitch in the data center, and we're temporarily installing a spare 5510 (we don't have a spare 5550) until it's replaced.  But the RSA keys on the spare don't match the ones on the old firewall, so when we try to install the old cert it fails:

ERROR: Keypair cannot be found for trustpoint UMVPN3-INCOMMON-MAY2020.

The old ASA is dead, so we can't do a straight export/import - all we have to work with is what's in yesterday's config backup...

I gather there's no way to extract the original keys from this; is there any way to recover in this case?  Or must we export the certs from the ASAs with a "crypto ca export" and save copies of these in a secure location?

move SSL Cert from one device to another on Cisco ASA

Worth noting that RSA keys on an ASA can be exported at any time. That's not the case with RSA keys on an IOS device, which require that you initially create the keys with the "exportable" keyword.

https://supportforums.cisco.com/docs/DOC-13553

cheers

mark
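
The export/import procedure discussed in this thread, as an added example that is not part of the original posts or of the linked Cisco document. `MY-TRUSTPOINT`, `<passphrase>` and the interface name `outside` are placeholders, not values taken from the thread.

```cisco
! --- On the source ASA (config mode) ---
! MY-TRUSTPOINT and <passphrase> are placeholders.
! Prints the identity certificate, its CA chain and the RSA private key
! to the terminal as one passphrase-protected, base64-encoded PKCS#12 block.
crypto ca export MY-TRUSTPOINT pkcs12 <passphrase>

! Save the whole block, including its BEGIN and END lines, in an
! access-controlled location and store the passphrase separately.
! A saved running-config carries the certificate but not the private key,
! so a config backup alone cannot restore the trustpoint on a replacement unit.

! --- On the destination ASA (config mode) ---
! Paste the saved block when prompted, then type "quit" on a line by itself.
crypto ca import MY-TRUSTPOINT pkcs12 <passphrase>

! Confirm that both the certificate and its key pair are present.
show crypto ca certificates MY-TRUSTPOINT
show crypto key mypubkey rsa

! Bind the imported trustpoint to the interface that terminates SSL
! ("outside" is an assumed interface name).
ssl trust-point MY-TRUSTPOINT outside
```

Taking the export when the certificate is first installed, rather than when hardware is being replaced, covers the dead-device case described above.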