
generating new rsa key for anyconnect vpn

I'm setting up an AnyConnect VPN connection. I see that I need to create an SSL key for this. It uses the same command to generate an SSH key.

Will the newly generated key replace the existing key? If it does, is there any impact outside of the SSH keys on my clients clamoring about the key change?

What will happen if I end up getting a 'real' cert through VeriSign, etc.? Will those replace the SSL key?

Thanks!

-Jeff

Accepted Solutions

Re: generating new rsa key for anyconnect vpn

Jeff, RSA keys are not the same as SSL certs which AnyConnect uses; however, any cert (SSL or ID) relies on keys, since these are the public and private keys that are shared during the connection. Generating a new RSA key with the default form of the command will re-create any existing key, wiping out current SSH keys. However, if you name the RSA key you are about to create and call this key from within the trustpoint that you use to generate the SSL certificate, it will not cause any problems with the pre-existing keys.

As for your other question, if you get a "real" SSL cert you would typically need to generate a CSR (Certificate Signing Request), which will generate a new RSA key.
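
The named-key approach described in the accepted reply, as an added example that is not part of the original thread. It assumes Cisco ASA CLI syntax; the key label `VPN-SSL-KEY`, trustpoint `VPN-SSL-TP`, FQDN `vpn.example.com` and interface name `outside` are placeholders.

```cisco
! Constructed example: VPN-SSL-KEY, VPN-SSL-TP, vpn.example.com and "outside"
! are placeholder names, and ASA syntax is an assumption.

! List the existing key pairs first. The unnamed key that SSH uses is shown
! as <Default-RSA-Key>; note its fingerprint so it can be compared afterwards.
show crypto key mypubkey rsa

configure terminal

! The default form (no label) regenerates <Default-RSA-Key>, which is the
! case the reply warns about. Shown commented out on purpose:
!   crypto key generate rsa modulus 2048

! Named form: creates a separate key pair and leaves the default key alone.
crypto key generate rsa label VPN-SSL-KEY modulus 2048

! Bind the named key pair to the trustpoint used for the SSL certificate.
crypto ca trustpoint VPN-SSL-TP
 keypair VPN-SSL-KEY
 fqdn vpn.example.com
 subject-name CN=vpn.example.com
 enrollment terminal
 exit

! Generate the CSR for a public CA. Because the trustpoint names a keypair,
! the request is built from VPN-SSL-KEY rather than the default key.
crypto ca enroll VPN-SSL-TP

! Once the CA has issued the certificate, install the CA certificate and
! then the identity certificate into the same trustpoint.
crypto ca authenticate VPN-SSL-TP
crypto ca import VPN-SSL-TP certificate

! Present this certificate to AnyConnect clients on the chosen interface.
ssl trust-point VPN-SSL-TP outside

! Confirm both key pairs exist and <Default-RSA-Key> is unchanged.
show crypto key mypubkey rsa
```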
