Trustpoint Recovery?

Dec 2nd, 2009

How do you recover a trustpoint from the certificates that are still stored in nvram?

Is it a matter of exporting the cert and importing it back?

I would like to be able to do it via the CLI without having to export it if possible.


busterswt Wed, 12/09/2009 - 16:56

My experience is only with an ASA, but you could try exporting the trustpoint in pkcs12 format, which should contain both the cert and private keys:

crypto ca export trustpoint pkcs12 passphrase

-trustpoint being the trustpoint name

-passphrase being a password you want to use to protect the output with

The ASA should output the base64-encoded pkcs12 file to the terminal screen, and you can copy/paste into notepad. When you want to import back into the same or different firewall just use the 'import' command:

crypto ca import trustpoint pkcs12 passphrase

The trustpoint name doesn't have to be the same as the one you exported. You'll paste in the pkcs12 output you just copied.

I believe if you've deleted the trustpoint you'll also lose the associated keys. Not 100% on that though. You can't recover the keys from the chain cert.

Hope this is what you're looking for.

- James
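
One way to confirm off-box that a pasted export really holds both the certificate and its matching private key, as an added example that is not part of the original post. It assumes the terminal output was saved to a text file on a workstation with OpenSSL; the function names and the `P12_PASS` variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: off-box check of a pasted PKCS#12 export.
# Assumptions: paste saved to a text file (armor lines like
# "-----BEGIN PKCS12-----" may be present); passphrase exported in P12_PASS so
# it stays out of argv. Function names are hypothetical. OpenSSL 3.x may need
# "-legacy" on the pkcs12 calls for bundles protected with older ciphers.
# Usage: export P12_PASS; check_p12_export export.txt; echo $?

# Returns 0 = cert with matching private key, 1 = no matching key, 2 = unreadable.
check_p12_export() {
    work=$(mktemp -d) || return 2
    # Drop armor lines and whitespace, then base64-decode to a binary .p12.
    grep -v -e '-----' "$1" | tr -d ' \t\r\n' |
        openssl base64 -d -A > "$work/bundle.p12" 2>/dev/null || true
    # -noout only checks that the bundle parses and the passphrase verifies.
    if ! openssl pkcs12 -in "$work/bundle.p12" -passin env:P12_PASS \
            -noout 2>/dev/null; then
        rm -rf "$work"; return 2
    fi
    # Public key taken from the identity certificate ...
    cert_pub=$(openssl pkcs12 -in "$work/bundle.p12" -passin env:P12_PASS \
        -nokeys -clcerts 2>/dev/null | openssl x509 -noout -pubkey 2>/dev/null) || true
    # ... and the one derived from the private key (decrypted key stays in a pipe).
    key_pub=$(openssl pkcs12 -in "$work/bundle.p12" -passin env:P12_PASS \
        -nocerts -nodes 2>/dev/null | openssl pkey -pubout 2>/dev/null) || true
    rm -rf "$work"
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] && return 0
    return 1
}

# Constructed sample: throwaway key and self-signed cert, bundled and armored
# like a terminal paste. Writes the paste to the file named in $1.
make_sample_export() {
    d=$(mktemp -d) || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/k.pem" \
        -out "$d/c.pem" -subj "/CN=sample.invalid" -days 1 2>/dev/null
    openssl pkcs12 -export -inkey "$d/k.pem" -in "$d/c.pem" \
        -passout env:P12_PASS -out "$d/s.p12"
    { echo '-----BEGIN PKCS12-----'; openssl base64 -in "$d/s.p12"
      echo '-----END PKCS12-----'; } > "$1"
    rm -rf "$d"
}
```

The pasted text is as sensitive as the private key itself, protected only by the passphrase, so delete the file once the import has been confirmed.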

