Cisco Support Community
self-signed cert

I have a customer that is using an ASA 5515 and they are requesting the certificate for the webVPN to be changed to use 2048 bits for the Public Key. They didn't purchase or install a cert on this firewall so it is just using the default cert that was already installed and it used 1024 bits for the public key. Is there a way to change that to 2048 without having them purchase a new cert? Any help would be greatly appreciated. Thanks!

Accepted Solutions
Yes - first generate a new RSA key (making sure to specify 2048-bit key length) and then a new self-signed certificate using that key. Change the binding of your outside interface to tie to that newly created certificate.

After doing that, your users should see the 2048-bit key usage in the SSL certificate. I've been setting up ones I do like that lately and can confirm it works. See screen shot below.
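The steps described in the answer, written out as ASA CLI. This is an added example, not part of the original post; the key label, trustpoint name and CN are placeholders, and it assumes global configuration mode and an interface whose nameif is `outside`.

```cisco
! Added example. WEBVPN-KEY-2048, WEBVPN-SELF-2048 and vpn.example.com
! are placeholder names (assumptions), not values from the thread.
!
! 1. Generate a new RSA key pair under its own label, 2048-bit modulus.
!    A separate label leaves the existing default key pair untouched.
crypto key generate rsa label WEBVPN-KEY-2048 modulus 2048
!
! 2. Create a self-signed trustpoint that uses the new key pair.
crypto ca trustpoint WEBVPN-SELF-2048
 enrollment self
 subject-name CN=vpn.example.com
 keypair WEBVPN-KEY-2048
 exit
!
! 3. Generate the self-signed certificate for that trustpoint.
crypto ca enroll WEBVPN-SELF-2048 noconfirm
!
! 4. Bind the new certificate to the outside interface for SSL/WebVPN.
ssl trust-point WEBVPN-SELF-2048 outside
!
! 5. Verify: the key pair should report a 2048-bit modulus, the certificate
!    should be listed under the new trustpoint, and the ssl binding should
!    reference it.
show crypto key mypubkey rsa
show crypto ca certificates WEBVPN-SELF-2048
show running-config ssl
!
! 6. Save the configuration once the checks pass.
write memory
```

Because the certificate is still self-signed, clients will continue to see an untrusted-issuer warning until they trust it explicitly; only the public key length changes.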
