Solved: Renewing identity certificate on Cisco ASA 5505, do I have to renew all user certificates?

dsart · ‎08-24-2015

n00b questions.

I have to renew my identity SSL certificate soon on my Cisco ASA 5505. Will I have to renew all my client certificates on their devices so they can establish a vpn tunnel?

Dinesh Moudgil · ‎08-25-2015

Hi dsartoros,

If you are having a self signed identity certificate (locally generated) renewed then you will need to upload that certificate on the clients so that they can connect without getting "server untrusted certificate error".

If you are renewing a certificate issued by a 3rd party CA (sending CSR to CA and then getting certificate) then you won't need to make changes on the client as they already trust the root CA who is issuing the certificate in the first place.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

View solution in original post

Dinesh Moudgil · ‎08-25-2015

Hi dsartoros,

If you are having a self signed identity certificate (locally generated) renewed then you will need to upload that certificate on the clients so that they can connect without getting "server untrusted certificate error".

If you are renewing a certificate issued by a 3rd party CA (sending CSR to CA and then getting certificate) then you won't need to make changes on the client as they already trust the root CA who is issuing the certificate in the first place.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/