
Trustpoint Recovery?

How do you recover a trustpoint from the certificates that are still stored in nvram?

Is it a matter of exporting the cert and importing it back?

I would like to be able to do it via the CLI without having to export it if possible.



Re: Trustpoint Recovery?

My experience is only on an ASA, but you could try exporting the trustpoint in pkcs12 format, which should contain both the cert and private keys:

crypto ca export trustpoint pkcs12 passphrase

-trustpoint being the trustpoint name

-passphrase being a password you want to use to protect the output with

The ASA should output the base64-encoded pkcs12 file to the terminal screen, and you can copy/paste it into Notepad. When you want to import it back into the same or a different firewall, just use the 'import' command:

crypto ca import trustpoint pkcs12 passphrase

The trustpoint name doesn't have to be the same as the one you exported. You'll paste in the pkcs12 output you just copied.

I believe if you've deleted the trustpoint you'll also lose the associated keys. Not 100% on that though. You can't recover the keys from the chain cert.

Hope this is what you're looking for.

- James
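
A terminal copy/paste of the base64 pkcs12 output described in the reply above can lose or mangle lines, so the following is an added example (not part of the original posts and not Cisco code) that checks a saved paste before it is relied on as a backup. It assumes the export is wrapped in `-----BEGIN ...-----` / `-----END ...-----` lines and may carry a trailing `quit` line; the function name `check_pkcs12_paste` and the file name in the usage comment are hypothetical.

```python
import base64
import binascii
import sys


def check_pkcs12_paste(text):
    """Return (ok, message) for a pasted base64 PKCS#12 export."""
    body = []
    for line in text.splitlines():
        line = line.strip()
        # Skip blank lines, "-----BEGIN/END ...-----" armor (assumed) and a
        # trailing "quit" terminator if the paste buffer was saved with one.
        if not line or line.startswith("-----") or line.lower() == "quit":
            continue
        body.append(line)
    try:
        der = base64.b64decode("".join(body), validate=True)
    except (binascii.Error, ValueError) as exc:
        return False, f"not clean base64: {exc}"
    if len(der) < 5 or der[0] != 0x30:
        return False, "does not start with an ASN.1 SEQUENCE"

    # Decode the outer length field (short, long or indefinite form).
    first = der[1]
    if first < 0x80:
        hdr, length = 2, first
    elif first == 0x80:
        hdr, length = 2, None  # BER indefinite length: size cannot be checked
    else:
        n = first & 0x7F
        if len(der) < 2 + n:
            return False, "truncated length field"
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if length is not None and hdr + length != len(der):
        return False, f"length mismatch: header says {hdr + length} bytes, got {len(der)}"
    # PFX ::= SEQUENCE { version INTEGER (3), authSafe, macData OPTIONAL }
    if der[hdr:hdr + 3] != b"\x02\x01\x03":
        return False, "PFX version field is not 3"
    return True, f"{len(der)} bytes, outer PFX structure intact"


if __name__ == "__main__":
    # Usage: python check_p12_paste.py saved_export.txt  (file name is an example)
    with open(sys.argv[1], encoding="ascii", errors="replace") as fh:
        ok, msg = check_pkcs12_paste(fh.read())
    print(("OK: " if ok else "FAIL: ") + msg)
    sys.exit(0 if ok else 1)
```

This only confirms the paste is complete and well-formed on the outside; it does not decrypt anything, so it cannot confirm the passphrase or that the private key is present. The saved file holds the private key under that passphrase and should be stored accordingly.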