https on pix and asa - cert expired

Unanswered Question
Sep 14th, 2010
User Badges:

The https certificate of one of our pix firewalls has expired, so I wondered how to refresh it.

I tried everything from generating new key pairs to zeroizing every key I could grab and generate new ones, disabling and enabling the http server in between, so in theory it should start with a new cert.

however, deleting installed certs and clearing the cache of the browser didn´t help much, all the client sees is the expired cert, which I suspect to be the cert the pix is still delivering.

can someone share some light on how the https demon is actually related to the key pairs and what you need to do in order to refresh an expired cert on a pix 7.05 ?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Marcin Latosiewicz Tue, 09/14/2010 - 09:26
User Badges:
  • Cisco Employee,


7.0.5 is ancient :-)

I believe the exact check that is done is if certificate exists.

care to share your "show run crypto ca trust" "show cry ca cert" outputs?



This Discussion