What will happen if certificates on an ASA box expire

Apr 9th, 2010

Hi All,


I just cannot find an appropriate document about what is affected by an expired certificate on an ASA box.

I use these certificates for Client-to-Site and Site-to-Site VPN.


If you can help answer or point me to appropriate docs, it will be a lot of help.


Thank you very much.


AM.  

Jennifer Halim (Cisco Employee) Sat, 04/10/2010 - 00:11

If you use a certificate to authenticate the VPN client or for site-to-site VPN authentication, with an expired certificate, authentication will not work, and you won't be able to establish the VPN tunnel.


You would need to renew the certificate.

amnuaymek Thu, 04/15/2010 - 20:15

Hi halijenn,


Thank you very much for your answer! Anyway, can you lead me to some docs so I can read more?

Jennifer Halim (Cisco Employee) Fri, 04/16/2010 - 02:56

Since authentication is done via the certificate for remote VPN client and LAN-to-LAN, if the certificate has expired, it will not be able to authenticate; hence, they won't be able to connect. Just like if a password has expired, you are not able to authenticate anymore, hence can't connect through VPN.


Here is a sample configuration on how to renew a certificate:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809fcf91.shtml


The sample configuration is on how to renew an SSL certificate, but the concept is the same for any certificate renewal.
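
An added example, not part of the thread and not Cisco code: a Python check that reads saved `show crypto ca certificates` output and flags each entry as expired or close to expiry, so renewal can happen before VPN authentication starts failing. The sample output is constructed, the trustpoint names are hypothetical, and the printed times are assumed to be UTC.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like "show crypto ca certificates" output.
# Trustpoint names and dates are made up; times are assumed to be UTC.
SAMPLE = """\
Certificate
  Status: Available
  Certificate Usage: General Purpose
  Validity Date:
    start date: 00:00:00 UTC Apr 1 2009
    end   date: 23:59:59 UTC Apr 1 2010
  Associated Trustpoints: VPN-ID-TP
CA Certificate
  Status: Available
  Validity Date:
    start date: 00:00:00 UTC Jan 1 2005
    end   date: 23:59:59 UTC Jan 1 2025
  Associated Trustpoints: VPN-ID-TP
Certificate
  Status: Available
  Validity Date:
    start date: 00:00:00 UTC May 1 2009
    end   date: 23:59:59 UTC May 1 2010
  Associated Trustpoints: L2L-TP
"""

END_RE = re.compile(r"^\s+end\s+date:\s*(\d\d:\d\d:\d\d) \S+ (\w{3}\s+\d{1,2} \d{4})")
TP_RE = re.compile(r"^\s+Associated Trustpoints:\s*(.+?)\s*$")

def classify(text, now, warn_days=30):
    """Return (entry kind, trustpoint, state) per certificate entry."""
    results, kind, end = [], None, None
    for line in text.splitlines():
        if line and not line[0].isspace():   # unindented line opens a new entry
            kind, end = line.strip(), None
        elif m := END_RE.match(line):
            stamp = " ".join(f"{m.group(1)} {m.group(2)}".split())
            end = datetime.strptime(stamp, "%H:%M:%S %b %d %Y").replace(tzinfo=timezone.utc)
        elif (m := TP_RE.match(line)) and end:
            if end <= now:
                state = "expired"            # authentication with this cert fails
            elif end - now <= timedelta(days=warn_days):
                state = "expiring"           # renew before tunnels start failing
            else:
                state = "ok"
            results.append((kind, m.group(1), state))
    return results

if __name__ == "__main__":
    for row in classify(SAMPLE, datetime(2010, 4, 9, tzinfo=timezone.utc)):
        print(*row)
```

The CA certificate entries are worth watching as well as the identity certificates, since the check reports both kinds under the same trustpoint.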
