generating new rsa key for anyconnect vpn

jcw009
Level 1

I'm setting up an AnyConnect VPN connection. I see that I need to create an SSL key for this. It uses the same command to generate an SSH key.

Will the newly generated key replace the existing key? If it does, is there any impact outside of the SSH keys on my clients clamoring about the key change?

What will happen if I end up getting a 'real' cert through VeriSign, etc.? Will those replace the SSL key?

Thanks!

-Jeff

Accepted Solutions

Ivan Martinon
Level 7

Jeff, RSA keys are not the same as SSL certs, which AnyConnect uses. However, any cert (SSL or ID) relies on keys, since these are the public and private keys that are shared during the connection. Generating a new RSA key with the default form of the command will re-create any existing key, wiping out current SSH keys. However, if you name the RSA key you are about to create and call this key from within the trustpoint that you use to generate the SSL certificate, it will not cause any problems with the pre-existing keys.

As for your other question, if you get a "real" SSL cert you would typically need to generate a CSR (Certificate Signing Request), which will generate a new RSA key.
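
The named-key approach from the answer above, written out as an added example that is not part of the original post. It assumes the VPN head-end is a Cisco ASA; `ANYCONNECT-KEY`, `ANYCONNECT-TP`, `vpn.example.com` and the interface name `outside` are placeholders chosen for illustration.

```cisco
! Added illustration, ASA CLI assumed. ANYCONNECT-KEY, ANYCONNECT-TP,
! vpn.example.com and the interface name "outside" are placeholders.

! Default form (no label): per the answer above, this re-creates the
! existing key, which is the one SSH is using. Left commented out.
! crypto key generate rsa modulus 2048

! Labelled form: creates a separate, named key pair for the SSL certificate.
crypto key generate rsa label ANYCONNECT-KEY modulus 2048

! Check that the pre-existing key pair and the new one are both listed.
show crypto key mypubkey rsa

! Trustpoint that calls the named key pair and is used to build the CSR.
crypto ca trustpoint ANYCONNECT-TP
 keypair ANYCONNECT-KEY
 fqdn vpn.example.com
 subject-name CN=vpn.example.com
 enrollment terminal
 exit

! Generate the CSR to submit to the certificate authority.
crypto ca enroll ANYCONNECT-TP

! Once the CA replies: install the CA certificate, then the issued certificate.
crypto ca authenticate ANYCONNECT-TP
crypto ca import ANYCONNECT-TP certificate

! Present this trustpoint's certificate to AnyConnect clients on that interface.
ssl trust-point ANYCONNECT-TP outside
```

Comparing the `show crypto key mypubkey rsa` output before and after the labelled command confirms that the key SSH relies on was not regenerated.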
