Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Export private key from PIX


I am upgrading from PIX 515 to ASA 5520 and I need to export the private keys generated on PIX with command `crypto key generate rsa` to ASA. That's because I want to reuse on ASA the certificate generated by CA for PIX. Is there a way to acomplish this task other then re-generate new keypair on ASA and re-enroll it on CA? Please advise.

  • VPN

Re: Export private key from PIX

When two devices use an Identity Certificate to initiate VPN negotiations, they actually need to prove they are actually the devices for which those certificates were issued. Following this idea, each device needs to provide certain information to the CA server in order to get this certificate properly signed by it. When two devices need to use certificates to initiate a VPN tunnel, they should not be able to use the certificate from another device to authenticate themselves. Hence it is going to be necessary to enroll the ASA device against the CA server in order to have the option to use certificates.

This widget could not be displayed.