Export private key from PIX

Unanswered Question
Sep 8th, 2007
User Badges:


I am upgrading from PIX 515 to ASA 5520 and I need to export the private keys generated on PIX with command `crypto key generate rsa` to ASA. That's because I want to reuse on ASA the certificate generated by CA for PIX. Is there a way to acomplish this task other then re-generate new keypair on ASA and re-enroll it on CA? Please advise.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
tstanik Thu, 09/13/2007 - 13:55
User Badges:
  • Bronze, 100 points or more

When two devices use an Identity Certificate to initiate VPN negotiations, they actually need to prove they are actually the devices for which those certificates were issued. Following this idea, each device needs to provide certain information to the CA server in order to get this certificate properly signed by it. When two devices need to use certificates to initiate a VPN tunnel, they should not be able to use the certificate from another device to authenticate themselves. Hence it is going to be necessary to enroll the ASA device against the CA server in order to have the option to use certificates.


This Discussion