Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

REMOVE A SELF SIGNED CERTIFICATE

Hi All,

 

We have just finished testing a new configuration on an ASA 5510 for Any Connect. During testing we used a self signed certificate but now want to install a full certificate from a CA. The question is what is the best way to remove the old self generated certificate so we don't get any conflicts when installing the new certificate?

 

We are looking at Go Daddy for the SSL cert, anyone have any other recommendations ?

 

Thanks,

 

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

The certificate (or more

  1. The certificate (or more accurate: the trustpoint) is assigned to the interface. If you configure a new trustpoint for your new certificate and assign that trustpoint to your outside interface, then nothing will conflict. If you want you can still use your self-signed certificate for the inside interface. But of course you can also delete it.
  2. There are so many CAs that you can choose from. Some customers of me use Entrust, others Thawte. I got mine from StartSSL. It's your choice. It's more about cost and reputation.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
1 REPLY
VIP Purple

The certificate (or more

  1. The certificate (or more accurate: the trustpoint) is assigned to the interface. If you configure a new trustpoint for your new certificate and assign that trustpoint to your outside interface, then nothing will conflict. If you want you can still use your self-signed certificate for the inside interface. But of course you can also delete it.
  2. There are so many CAs that you can choose from. Some customers of me use Entrust, others Thawte. I got mine from StartSSL. It's your choice. It's more about cost and reputation.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
160
Views
0
Helpful
1
Replies