I have an ASA 5545x that is a production device for receiving all AnyConnect VPN traffic for our organization. We purchased and installed a Comodo certificate to create the trust level necessary for our employees to connect. I'm attempting to enable SSH on the device for management purposes, but the current <Default-RSA-Key> does not allow me to initiate a valid SSH session. I have encountered this issue on other ASAs within our organization, and it hasn't been an issue to simply zeroize the current key and regenerate it to restore the ability to SSH to the devices. Where the snag comes in is that this 5545x is the only ASA that has a key installed that wasn't self-signed. With that in mind, I have a few questions about whether 3rd-party signed keys are dependent on the self-signed keys on the device. I intend to zeroize both the <Default-RSA-Key> and the <Default-RSA-Key>.server certificates if they will not affect my VPN-associated Comodo key.
Does the Comodo key depend on other keys existing on the ASA?
Am I free to zeroize only the <Default-RSA-Key> without affecting the VPN associated Comodo key?
Here is the result of the command "show crypto key mypubkey rsa":

Key pair was generated at: 12:02:29 CDT Aug 19 2014
Key name: <Default-RSA-Key>
Usage: General Purpose Key
Modulus Size (bits): 1024
Key Data:
<Redacted>

Key pair was generated at: 10:16:52 CDT Sep 20 2012
Key name: my.comodo.key
Usage: General Purpose Key
Modulus Size (bits): 2048
Key Data:
<Redacted>

Key pair was generated at: 01:35:42 CDT Jul 30 2014
Key name: <Default-RSA-Key>.server
Usage: Encryption Key
Modulus Size (bits): 768
Key Data:
<Redacted>

Thank you to any and all that assist me in understanding how the ASA handles certificate keys.