Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Copy SSL Cert and Key's from old ASA5520 to new ASA5545-X

                   I am using this link below to follow for copying the SSL certificate to the new ASA from the old, but the language is not clear on whether the public/private keys are exported in this pkcs12 file, can you please confirm if this is the case? I successfully exported and imported the pkcs12 file but need to make sure the keys are also imported or if I need to manually do the keys also? It states that it includes all of the associated keys so I am assuming I just need to import the one pkcs12 file, but I want to be sure?

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809fcf91.shtml#copycert

How to copy SSL certificates from one ASA to another

This can be done if you had generated exportable keys. You need to export the certificate to a PKCS file. This includes exporting all of the associated keys.

Use this command to export your certificate via CLI:

ASA(config)#crypto ca export <trust-point-name> pkcs12 <passphrase>

Note: Passphrase - used to protect pkcs12 file.

Use this command to import your certificate via CLI:

SA(config)#crypto ca import <trust-point-name> pkcs12 <passphrase>

Thanks,

Mark

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re:Copy SSL Cert and Key's from old ASA5520 to new ASA5545-X

Hi,

yes, the pkcs12 certificate includes the private key, as opposed to pb7 which does not.

Sent from Cisco Technical Support Android App

------------------ Mashal Shboul
2 REPLIES
Bronze

Re:Copy SSL Cert and Key's from old ASA5520 to new ASA5545-X

Hi,

yes, the pkcs12 certificate includes the private key, as opposed to pb7 which does not.

Sent from Cisco Technical Support Android App

------------------ Mashal Shboul
New Member

Re:Copy SSL Cert and Key's from old ASA5520 to new ASA5545-X

Thank you Mashal!

231
Views
0
Helpful
2
Replies