What will happen if certificates on the ASA box expire

Unanswered Question
Apr 9th, 2010

Hi All,

I just cannot find an appropriate document about what is affected by an expired certificate on the ASA box.

I use these certificates for client-to-site and site-to-site VPN.

If you can help answer or point me to the appropriate docs, it will be a lot of help.

Thank you very much.


Jennifer Halim Sat, 04/10/2010 - 00:11
User Badges:
  • Cisco Employee,

If you use a certificate to authenticate the VPN client or for site-to-site VPN authentication, then with an expired certificate, authentication will not work, and you won't be able to establish the VPN tunnel.

You would need to renew the certificate.

amnuaymek Thu, 04/15/2010 - 20:15
Hi halijenn,

Thank you very much for your answer! Anyway, can you lead me to some docs so I can read more?


Jennifer Halim Fri, 04/16/2010 - 02:56
User Badges:
  • Cisco Employee,

Since authentication is done via the certificate for remote VPN client and LAN-to-LAN, if the certificate has expired, it will not be able to authenticate, hence they won't be able to connect. It is just like when a password has expired: you are not able to authenticate anymore, hence can't connect through VPN.

Here is a sample configuration on how to renew a certificate:


The sample configuration is on how to renew SSL certificate, but the concept is the same for any certificate renewal.
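An added example, not part of the thread or of any Cisco document: because an expired identity certificate stops the VPN from authenticating, this script reads saved `show crypto ca certificates` output and flags certificates that have expired or will expire soon. The output layout it parses is an assumption, and the sample text and the trustpoint name `VPN-ID-TP` are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample; the layout of `show crypto ca certificates` is assumed.
SAMPLE = """\
Certificate
  Status: Available
  Validity Date:
    start date: 08:00:00 UTC Apr 9 2009
    end   date: 08:00:00 UTC Apr 9 2010
  Associated Trustpoints: VPN-ID-TP
CA Certificate
  Status: Available
  Validity Date:
    start date: 00:00:00 UTC Jan 1 2005
    end   date: 00:00:00 UTC Jan 1 2025
  Associated Trustpoints: VPN-ID-TP
"""

END_RE = re.compile(r"end\s+date:\s+(\d\d:\d\d:\d\d)\s+(\S+)\s+(\w{3})\s+(\d{1,2})\s+(\d{4})")

def parse_certs(text):
    """Return one dict per certificate block: kind, end date, trustpoints."""
    certs = []
    for line in text.splitlines():
        if line and not line[0].isspace():  # an unindented line opens a block
            certs.append({"kind": line.strip(), "end": None, "trustpoints": ""})
            continue
        m = END_RE.search(line)
        if m and certs:
            clock, tz, mon, day, year = m.groups()
            if tz != "UTC":  # this example only handles UTC timestamps
                raise ValueError(f"unhandled time zone {tz!r}")
            stamp = datetime.strptime(f"{clock} {mon} {day} {year}", "%H:%M:%S %b %d %Y")
            certs[-1]["end"] = stamp.replace(tzinfo=timezone.utc)
        elif certs and line.strip().startswith("Associated Trustpoints:"):
            certs[-1]["trustpoints"] = line.split(":", 1)[1].strip()
    return certs

def state(end, now, warn_days=30):
    """EXPIRED breaks authentication now; EXPIRING is the renewal window."""
    if end is None:
        return "UNKNOWN"
    if end <= now:
        return "EXPIRED"
    return "EXPIRING" if end - now <= timedelta(days=warn_days) else "OK"

def classify(certs, now, warn_days=30):
    return [(c["kind"], c["trustpoints"], state(c["end"], now, warn_days)) for c in certs]
```

Run `classify(parse_certs(text), datetime.now(timezone.utc))` on a schedule so renewal happens while the state is still EXPIRING rather than after tunnels stop authenticating.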

