VPN IPSEC using certificate for authentication.

Dec 4th, 2009


I have a question concerning the setup of an IPsec VPN using a certificate for authentication, not a pre-shared key. The situation is that you have generated an RSA key, then a CSR, which has been signed by a CA. You have installed the root and identity on the device, and your VPN tunnel is fine. I would like to know: if the RSA key used to create the certificate is destroyed by generating a new key (this also destroys the identity certificate, but imagine that you imported the identity certificate), will this work, or is it necessary to go through the whole process (CSR, signing by CA, ...)?

Thanks for your help.


Ivan Martinon Tue, 12/08/2009 - 09:00

Removing the private key (RSA key) does not delete your certificate; however, it does leave your certificate invalid since there is no longer a private key with which to decrypt and sign your information. Importing the certificate will not help because the private key is kept on the device where the CSR was generated and the ID certificate will only have your public key, unless your CA generated your ID and private key and sent it to you in a PKCS12 format. If that happened (deleted the key) you would need to request a new certificate.
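
The point made in the reply above, that the identity certificate carries only the public key and is usable only with the private key it was issued for, can be checked off the device with OpenSSL. This is an added example, not part of the original thread; the file names, the subject name and the self-signed certificate standing in for the CA-signed one are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: checks whether a certificate belongs to a given private key.

# SHA-256 of the public key (DER) embedded in a certificate.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key (DER) derived from a private key.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Returns 0 only when both hashes were computed and are identical.
cert_matches_key() {
    c=$(cert_pubkey_hash "$1")
    k=$(key_pubkey_hash "$2")
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Builds the scenario from the question in directory $1 (all values constructed):
# old.key -> id.csr -> id.crt, then new.key generated as the replacement key.
make_demo() {
    openssl genrsa -out "$1/old.key" 2048 2>/dev/null
    openssl req -new -key "$1/old.key" -subj "/CN=vpn-gw.example.test" \
        -out "$1/id.csr" 2>/dev/null
    # Self-signing stands in for the CA signing step (assumption for the demo).
    openssl x509 -req -in "$1/id.csr" -signkey "$1/old.key" -days 1 \
        -out "$1/id.crt" 2>/dev/null
    openssl genrsa -out "$1/new.key" 2048 2>/dev/null
}

DEMO_DIR=$(mktemp -d)
make_demo "$DEMO_DIR"
for name in old new; do
    if cert_matches_key "$DEMO_DIR/id.crt" "$DEMO_DIR/$name.key"; then
        echo "$name.key: matches id.crt, certificate is usable with this key"
    else
        echo "$name.key: does not match id.crt, a new CSR and certificate are needed"
    fi
done
rm -rf "$DEMO_DIR"
```
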

david.chosrova Wed, 01/06/2010 - 09:40

Hello Ivan,

Sorry for the delay, and thanks for your answer. It is what I thought, but I was unsure.


David Chosrova.

