Cisco Support Community
New Member

Trustpoint when installing identity certificate via ASDM

I obtained an identity certificate via a CSR to a CA.  It installed successfully, but ASDM put it under a new trustpoint, which does not have the CA cert in the trustpoint chain.  The CA cert from the issuing CA is on the ASA under a different trustpoint.  I do not have any options to specify the trustpoint that I can see.  How can I get the CA cert and the identity cert on the same trustpoint?  ASA 5510 version 8.0(3), ASDM 6.0  Thanks

4 REPLIES
Cisco Employee

Re: Trustpoint when installing identity certificate via ASDM

First of all, I don't think this should cause any problem, does it?

Anyway, if you would like to have both certs under the same trustpoint (TP), I think the easiest way is to:

- delete the TP that has the CA cert

- add a new CA cert, and as TP name use the name of the existing TP that has your identity cert

Just tried it with 8.3 / asdm 6.3 and it works fine, so I suppose it should be ok in 8.0/6.0 as well.


hth

Herbert

New Member

Re: Trustpoint when installing identity certificate via ASDM

Herbert,

Thanks for your reply.  It's not really causing any operational problems - I only noticed it because I can't export the identity cert via ASDM, because it lacks a CA cert under the same TP.  I think your suggestion will work for me.  Since I can't export under ASDM, the doc I read implies I can cut and paste using the hex representation of the cert in the CLI.  If that's not correct, please indicate, otherwise I think the question is answered.

Regards,

Mike F

Cisco Employee

Re: Trustpoint when installing identity certificate via ASDM

Hi Mike,

the CA cert you can probably get from the CA, right?

But if not, or if you find it easier, then yes importing the hex representation from the CLI should work although I haven't tested this - you may need to add a PEM header and trailer.

Alternatively you can probably also do the entire operation via the CLI, i.e. copy the certificate chain (containing the CA cert) of the one TP, delete that TP, add the CA cert to the other chain.

hth
Herbert
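
The hex-to-PEM step mentioned in the reply above, as an added example that is not part of the original thread or Cisco's own tooling: it reads the hex words from a `crypto ca certificate chain` config section, checks that the paste is complete against the DER length header, and adds the PEM header and trailer. The layout of `SAMPLE`, the trustpoint name `EXAMPLE-TP` and the hex bytes are constructed placeholders, not a real certificate.

```python
import base64
import re

# Constructed sample laid out like a "crypto ca certificate chain" config section.
# EXAMPLE-TP is a made-up trustpoint name; the hex is a 22-byte placeholder DER
# SEQUENCE, not a real certificate.
SAMPLE = """\
crypto ca certificate chain EXAMPLE-TP
 certificate ca 01
    30140410 00010203 04050607 08090a0b
    0c0d0e0f 0500
  quit
"""

def extract_certs(config_text):
    """Map (trustpoint, 'ca'|'identity', serial) -> DER bytes for each hex block."""
    certs, tp, key, hexbuf = {}, None, None, []
    for line in config_text.splitlines():
        s = line.strip()
        if s.startswith("crypto ca certificate chain "):
            tp = s.split()[-1]
        elif s.startswith("certificate "):
            parts = s.split()  # "certificate ca <serial>" or "certificate <serial>"
            kind = "ca" if len(parts) == 3 and parts[1] == "ca" else "identity"
            key, hexbuf = (tp, kind, parts[-1]), []
        elif s == "quit" and key:
            certs[key] = bytes.fromhex("".join(hexbuf))
            key = None
        elif key and re.fullmatch(r"[0-9a-fA-F ]+", s):
            hexbuf.append(s.replace(" ", ""))
    return certs

def der_declared_length(der):
    """Total size the outer DER SEQUENCE header claims (header included)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("does not start with a DER SEQUENCE tag")
    if der[1] < 0x80:                      # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: next n bytes hold the length
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def to_pem(der):
    """Add the PEM header and trailer, refusing a truncated or padded paste."""
    if der_declared_length(der) != len(der):
        raise ValueError("hex dump length does not match DER header")
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for key, der in extract_certs(SAMPLE).items():
        print(key, to_pem(der), sep="\n")
```

The length check catches the common cut-and-paste failure where a line of hex is lost from the terminal scrollback, before the resulting PEM is imported under the other trustpoint.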

New Member

Re: Trustpoint when installing identity certificate via ASDM

Herbert,

Thanks, that's what I had hoped.

Regards,

Mike Flanigan
