I am seeing some conflicting information on this topic and I was wondering if I could get some clarification.
This link states that a local CA cannot be configured on an ASA while failover (in general) is configured:
This link states that the 'crypto ca server' commands will not be synced, implying that they are at least configurable on the active unit:
*The crypto ca server command and related sub-commands are not synchronized to the failover peer
In addition, there are some other miscellaneous resources that state that you can run a local ca server in all cases except Active/Active failover.
I am currently running two ASA's in an Active/Passive failover mode, and whenever I try to enable the local ca server, I get the following error:
ERROR: The local CA server is not supported in a failover
setup. Please disable failover in order to configure the
local CA server
I realize this error pretty much answers my question, but I figured with the information I found, it would be worth it to ask for clarification. With that said, is it at all possible to run a local ca server on an Active/Passive ASA cluster?