cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
209
Views
5
Helpful
1
Replies

self-signed cert

Benjamin Saito
Level 1
Level 1

I have a customer that is using an ASA 5515 and they are requesting the certificate for the webVPN to be changed to use 2048 bits for the Public Key. They didn't purchase or install a cert on this firewall so it is just using the default cert that was already installed and it used 1024 bits for the public key. Is there a way to change that to 2048 without having them purchase a new cert? Any help would be greatly appreciated. Thanks!

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

Yes - first generate a new RSA key (making sure to specify 2048-bit key length) and then a new self-signed certificate using that key. Change the binding of your outside interface to tie to that newly created certificate.

After doing that, your users should see the 2048-bit key usage in the SSL certificate. I've been setting up ones I do like that lately and can confirm it works. See screen shot below.

View solution in original post

1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

Yes - first generate a new RSA key (making sure to specify 2048-bit key length) and then a new self-signed certificate using that key. Change the binding of your outside interface to tie to that newly created certificate.

After doing that, your users should see the 2048-bit key usage in the SSL certificate. I've been setting up ones I do like that lately and can confirm it works. See screen shot below.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: