Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
27238
Views
5
Helpful
4
Replies

move SSL Cert from one device to another on Cisco ASA

Go to solution
manish arora
Level 6
Level 6

‎09-18-2012 10:00 AM

Hello Everyone,

Is it possible to move SSL certificate + Key from one cisco asa to another ? I hope its possible and if someone can guide me towards correct documentation that would be perfect.

thank you

Manish

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎09-18-2012 10:10 AM

Hello,

This document will do it for you

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809fcf91.shtml#copycert

Check the How to copy SSL certificates from one ASA to another      

Regards,

Any other question..Sure.. Just remember to rate all of my answers.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

4 Replies 4

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎09-18-2012 10:10 AM

Hello,

This document will do it for you

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809fcf91.shtml#copycert

Check the How to copy SSL certificates from one ASA to another      

Regards,

Any other question..Sure.. Just remember to rate all of my answers.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Go to solution
manish arora
Level 6
Level 6
In response to Julio Carvajal

‎09-18-2012 10:17 AM

Thanks dude !

Manish

0 Helpful

Go to solution
KURT HILLIG
Level 1
Level 1
In response to Julio Carvajal

‎09-19-2012 10:41 AM

We have an ASA5550 running 8.2(5) that we're using as a VPN terminator; it died yesterday when we had a power glitch in the data center, and we're temporarily installing a spare 5510 (we don't have a spare 5550) until it's replaced.  But the RSA keys on the spare don't match the ones on the old firewall, so when we try to install the old cert it fails:

ERROR: Keypair cannot be found for trustpoint UMVPN3-INCOMMON-MAY2020.

The old ASA is dead, so we can't do a straight export/import - all we have to work with is what's in yesterday's config backup...

I gather there's no way to extract the original keys from this; is there any way to recover in this case?  Or must we export the certs from the ASAs with a "crypto ca export" and save copies of these in a secure location?

0 Helpful

Go to solution
Mark Walters
Level 1
Level 1

‎02-23-2014 08:12 AM

worth noting that RSA keys on an ASA can be exported at any time.  that's not the case with RSA keys on an IOS device, which require that you iniially create the keys with the "exportable" keyword.

https://supportforums.cisco.com/docs/DOC-13553

cheers

mark

0 Helpful
Customers Also Viewed These Support Documents