Replacement ASA - Copying Production ASA Config to Replacement ASA

nrpinetsupport
Level 1

Hello all:

I'm performing an upgrade on a spare ASA5520 from 7.2(1) to 7.2(2-14). I'm trying to copy the config from an ASA that is in production and would like to replace it with the ASA I am upgrading. I am able to copy the running-config to the replacement ASA, however the SSL Certificate is giving me problems. I receive an error of ..... ERROR: Public key contained in the device certificate doesn't match the device's public key <Default-RSA-Key> configured for trustpoint %trustpointname%. Device certificate is not installed.

I am able to get into the CLI, but cannot access the device from the ASDM client. Any help would be very appreciated.

abinjola
Cisco Employee

delete the current keys

ca zeroize rsa

..disable the trustpoint from your config and then create new keys

Hey Abinjola,

Thanks for the reply. I'm not sure how to disable the Trustpoint and how to create new keys.

Thanks!

If you have disabled the web VPN config (trust points from the config) and are still getting the error message, then check this:

CSCsc08926

http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl

can you please update me about this ...

Hi abinjola,

I've removed the trustpoint (no crypto trustpoint %trustpointname%), however I'm not sure how to create new keys once I have done that. Could you provide me with the steps for disabling trustpoint, and creating new keys?

thank you for all your help!

crypto key gen rsa modulus 1024

sorry for so many questions (new at this)

steps:

1 - no crypto ca trustpoint %trustpointname% (delete trustpoint)

2 - ca zeroize rsa (remove rsa keys)

3 - crypto key gen rsa modulus 1024

Then I will need to import my SSL Cert?

Yes, the above commands look good. First replicate the configuration to the ASA, and then import the certificate from the trustpoint.
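The error quoted in the question means the public key inside the certificate is not the public half of the key pair the trustpoint points at. As an added example (not part of the thread and not Cisco code), this shell script performs the same comparison off-box with `openssl`; the file names, the `asa.example.test` subject and the 2048-bit sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a certificate belongs to a given private key,
# the binding the ASA error message in this thread refers to.

# Return 0 if the public key in PEM certificate $1 equals the public half
# of PEM private key $2, 1 if they differ, 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build constructed sample material in directory $1:
#   prod.key / prod.crt : key pair and self-signed cert of the "production" unit
#   spare.key           : key pair freshly generated on the "replacement" unit
make_samples() {
    openssl genrsa -out "$1/prod.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/spare.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1/prod.key" -subj "/CN=asa.example.test" \
        -days 1 -out "$1/prod.crt" 2>/dev/null
}

# Print the outcome for each pairing; returns 0 only if both are as expected.
demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir" || { rm -rf "$dir"; return 1; }
    rc=0
    if cert_matches_key "$dir/prod.crt" "$dir/prod.key"; then
        echo "prod.crt + prod.key : match"
    else
        rc=1
    fi
    if cert_matches_key "$dir/prod.crt" "$dir/spare.key"; then
        rc=1
    else
        echo "prod.crt + spare.key: mismatch (certificate would be rejected)"
    fi
    rm -rf "$dir"
    return $rc
}

demo
```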
