Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA7.0(2) CA Trustpoint Configuration with Root and Subordinate CA

I'm trying to replicate a configuration that was done on my Con3015 to my ASA5520. I was given 2 CA certificate's: A Root and Subordinate and was told to load both or it will not work.

The ASA's use trustpoint configuration. I couldn't load both under one trustpoint so I created two trustpoints.

After loading both CA certificates using file-based enrollment, which trustpoint do I create a PKCS#10 enrollment file against?

Also, I don't understand how both trustpoints are associated. At the end I'd have 2 trustpoints (1 RootCA and 1 SubCA) but only 1 identity will be associate with 1 of the trustpoints.

Is it necessary to add specific commands in the trustpoint configuration?

Is it even necessary to have both CA certificates (Root and Sub CA) installed??

  • Other Security Subjects
New Member

Re: ASA7.0(2) CA Trustpoint Configuration with Root and Subordin

Hello Aignacio,

I have the same problem now. Did you find an solution. If yes could you please send me the prosedure for migrate from 3015 to asa in terms of ca config