Generating new RSA key for AnyConnect VPN

Answered Question
Jan 26th, 2010

I'm setting up an AnyConnect VPN connection. I see that I need to create an SSL key for this. It uses the same command to generate an SSH key.


Will the newly generated key replace the existing key? If it does, is there any impact outside of the SSH keys on my clients clamoring about the key change?


What will happen if I end up getting a 'real' cert through VeriSign, etc.? Will those replace the SSL key?


Thanks!


-Jeff

Overall Rating: 5 (1 ratings)
Correct Answer
Ivan Martinon Wed, 02/03/2010 - 13:21
User Badges: Cisco Employee

Jeff, RSA keys are not the same as SSL certs, which AnyConnect uses. However, any cert (SSL or ID) relies on keys, since these are the public and private keys that are shared during the connection. Generating a new RSA key with the default form of the command will re-create any existing key, wiping out current SSH keys. However, if you name the RSA key you are about to create and call this key from within the trustpoint that you use to generate the SSL certificate, it will not cause any problems with the pre-existing keys.


As for your other question, if you get a "real" SSL cert you would typically need to generate a CSR (Certificate Signing Request), which will generate a new RSA key.
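
The named-key approach described in the answer above, as an added example that is not part of the original thread. It assumes a Cisco ASA; the labels `SSLVPN-KEY`, `SSLVPN-SELF`, `SSLVPN-CA-KEY` and `SSLVPN-CA`, the hostname `vpn.example.com`, the interface name `outside` and the 2048-bit modulus are placeholders chosen for illustration.

```cisco
! List existing key pairs first. The unnamed key used by SSH
! appears as <Default-RSA-Key>.
show crypto key mypubkey rsa

configure terminal

! Default form (no label): replaces <Default-RSA-Key>, so SSH clients
! will report a changed host key. Shown commented out for contrast.
!   crypto key generate rsa modulus 2048

! Named form: creates a separate key pair and leaves the default key alone.
crypto key generate rsa label SSLVPN-KEY modulus 2048

! Self-signed certificate bound to the named key via the trustpoint.
crypto ca trustpoint SSLVPN-SELF
 enrollment self
 subject-name CN=vpn.example.com
 keypair SSLVPN-KEY
 exit
crypto ca enroll SSLVPN-SELF noconfirm

! Present that certificate on the interface AnyConnect clients reach.
ssl trust-point SSLVPN-SELF outside

! CA-issued certificate later: a second trustpoint with its own named
! key, so neither the SSH key nor the self-signed setup is touched.
crypto key generate rsa label SSLVPN-CA-KEY modulus 2048
crypto ca trustpoint SSLVPN-CA
 enrollment terminal
 subject-name CN=vpn.example.com
 keypair SSLVPN-CA-KEY
 exit
! Prints the CSR to paste into the CA's request form.
crypto ca enroll SSLVPN-CA
! After the CA responds: install the CA certificate, then the identity cert.
crypto ca authenticate SSLVPN-CA
crypto ca import SSLVPN-CA certificate
ssl trust-point SSLVPN-CA outside
end

! Verify which key each certificate is associated with.
show crypto ca certificates
show crypto key mypubkey rsa
```

Running `show crypto key mypubkey rsa` before and after confirms that `<Default-RSA-Key>` is unchanged and that the new labels exist alongside it.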
