Trustpoint Recovery?

Dec 2nd, 2009

How do you recover a trustpoint from the certificates that are still stored in nvram?


Is it a matter of exporting the cert and importing it back?


I would like to be able to do it via the CLI without having to export it if possible.


Thanks!!

busterswt Wed, 12/09/2009 - 16:56

My experience is only on an ASA, but you could try exporting the trustpoint in pkcs12 format, which should contain both the cert and private keys:


crypto ca export trustpoint pkcs12 passphrase


-trustpoint being the trustpoint name

-passphrase being a password you want to use to protect the output with


The ASA should output the base64-encoded pkcs12 file to the terminal screen, and you can copy/paste into notepad. When you want to import back into the same or different firewall just use the 'import' command:


crypto ca import trustpoint pkcs12 passphrase


The trustpoint name doesn't have to be the same as the one you exported. You'll paste in the pkcs12 output you just copied.


I believe if you've deleted the trustpoint you'll also lose the associated keys. Not 100% on that though. You can't recover the keys from the chain cert.


Hope this is what you're looking for.


- James
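
A workstation-side check for the export described in the answer above, added here as an example and not part of the original thread: it decodes the saved terminal output and confirms the bundle holds both a private key and a certificate before you rely on it as a backup. It assumes the saved text is plain base64 of a DER PKCS#12 file (optionally between BEGIN/END PKCS12 marker lines) and that OpenSSL is installed; the function names and the `P12_PASS` variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the text saved from the
# terminal is plain base64 of a DER PKCS#12 file, optionally wrapped in
# "-----BEGIN PKCS12-----" / "-----END PKCS12-----" marker lines.
# The passphrase comes from the (hypothetical) P12_PASS environment variable,
# which keeps it out of the process list.
# Usage: export P12_PASS; check_p12_export saved-export.txt

# check_p12_export FILE: return 0 only if FILE decrypts with $P12_PASS and
# holds both a private key and at least one certificate.
check_p12_export() {
    tmp=$(mktemp -d) || return 2
    # Drop marker lines and paste whitespace, re-wrap at 64 columns, decode.
    { grep -v -- '-----' "$1" | tr -d ' \t\r\n' | fold -w 64; echo; } |
        openssl base64 -d -out "$tmp/bundle.p12" 2>/dev/null
    certs=$(openssl pkcs12 -in "$tmp/bundle.p12" -passin env:P12_PASS \
        -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE') || true
    # The decrypted key only flows through the pipe; it is never written out.
    keys=$(openssl pkcs12 -in "$tmp/bundle.p12" -passin env:P12_PASS \
        -nocerts -nodes 2>/dev/null | grep -c 'BEGIN.*PRIVATE KEY') || true
    rm -rf "$tmp"
    echo "$1: certificates=$certs private_keys=$keys"
    [ "$certs" -ge 1 ] && [ "$keys" -ge 1 ]
}

# make_sample_exports DIR: build constructed inputs from a throwaway
# self-signed key pair: DIR/full.txt (key + cert) and DIR/certonly.txt.
make_sample_exports() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=constructed.example' \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
        -passout env:P12_PASS -out "$1/full.p12" || return 1
    openssl pkcs12 -export -nokeys -in "$1/c.pem" \
        -passout env:P12_PASS -out "$1/certonly.p12" || return 1
    for n in full certonly; do
        { echo '-----BEGIN PKCS12-----'; openssl base64 -in "$1/$n.p12"
          echo '-----END PKCS12-----'; } > "$1/$n.txt"
    done
}
```

A bundle that reports `private_keys=0` is only a certificate copy and cannot restore the trustpoint's identity on its own.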
