
Managing certificates in a failover pair

Hi all,

I'm having some problems with certs in a failover pair.

I've imported a wildcard cert onto the primary node in a failover pair. This cert was then bound to the outside interface. This is working fine on the primary node for clientless SSL VPNs. I also imported the CA cert.

When we fail over to the secondary node, the identity cert doesn't exist. The key is there and the CA cert is there, but there are no identity certificates installed.

As I need this to work properly during a failover, this isn't a good situation. Can anyone help get this sorted?

We're running ASA version 9.1.1 and ASDM 7.1.2.


Managing certificates in a failover pair

You should be able to copy the cert over to the secondary ASA. The easiest way is to create a backup in ASDM and select All. The cert will be backed up in PKCS12 format, which can then be installed on the secondary ASA.
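The same export/import that the ASDM backup does, written out as an added CLI example (this is not from the thread or from Cisco documentation; the trustpoint name WILDCARD-TP and the passphrase are assumed placeholders). The point of doing it this way is that you can see exactly what the PKCS12 contains (identity cert, CA chain and key pair in one blob) and check the standby before and after the import. Keep the trustpoint name identical on both units, because the replicated `ssl trust-point ... outside` line refers to the trustpoint by name and has to resolve on whichever unit is active.

```cisco
! --- On the ACTIVE unit ---
! Export identity cert, CA chain and key pair as one passphrase-protected
! PKCS12 blob; the ASA prints it base64-encoded to the terminal.
crypto ca export WILDCARD-TP pkcs12 Export-Passphrase-1

! See what the standby holds right now without failing over
! (failover exec mate runs the command on the peer unit).
failover exec mate show crypto ca certificates
failover exec mate show crypto key mypubkey rsa

! --- On the STANDBY unit (config mode warns that changes are not
! --- replicated back to the active unit; that is expected here) ---
! A PKCS12 import creates a key pair named after the trustpoint. If a
! trustpoint or key pair of that name is already present, the import is
! refused, so remove the stale ones first.
clear configure crypto ca trustpoint WILDCARD-TP
crypto key zeroize rsa label WILDCARD-TP noconfirm

! Import: paste the base64 blob from the export, then type quit.
crypto ca import WILDCARD-TP pkcs12 Export-Passphrase-1
quit

! Bind the trustpoint for clientless SSL VPN on the outside interface
! (same line the active unit already has).
ssl trust-point WILDCARD-TP outside

! --- Verify on the standby ---
! Expect both a CA certificate and an identity certificate listed under
! the trustpoint, and an RSA key pair labelled WILDCARD-TP.
show crypto ca certificates WILDCARD-TP
show crypto key mypubkey rsa
```

The passphrase only protects the blob in transit between the two terminals; use a throwaway one and clear your terminal scrollback afterwards, since the base64 contains the private key for the wildcard cert.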

Managing certificates in a failover pair

Thanks for the reply Colin.

Unfortunately, when I failover to the standby device and try to import the cert, it says that the key already exists.

The trustpoint exists when I look at the command line.