Cisco Support Community

New Member

Renewing SSL WebVPN Cert on ASA5540


The SSL Web VPN certificate on my ASA 5540 pair is expiring. I have received a new certificate from COMODO. The current certificate was created 3 years ago using a 1024-bit key. I have received a certificate from the CA. The CSR request was generated by my colleague, who is on vacation, unfortunately.

a. Now I am trying to figure out whether it was a 2048-bit key CSR request?

b. I am also not sure whether I need a new Identity Certificate and a new key pair with 2048 size?

c. Also not too sure about the Trust Point to associate with the key.

d. Can I use all old settings and just copy paste the certificate?

e. Also, what will I have to do on the secondary ASA?

I am guessing that since I am just renewing the certificate I don’t have to follow all the steps. From the following link it looks like I just need to start from step 8. Can anyone please confirm or suggest a better link!!

  • VPN
Hall of Fame Super Silver

Renewing SSL WebVPN Cert on ASA5540

That procedure is a good one to follow. You should see the pending certificate request if indeed the CSR was made from that ASA. Once you import and save and validate the new certificate is being used, you should be OK. The bottom of that procedure addresses the steps to synchronize the certificate on the standby unit.

The trustpoint your SSL VPN is using should be the one bound to the outside interface. It is identified in the configuration file with a line like:

     ssl trust-point outside

You can find it in ASDM by using the tool for the command line and entering the command "show run | i trust-point".
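As an added example (not part of the thread, and not Cisco's own tooling), the following script ties the two checks the reply mentions together: it reads the `ssl trust-point` binding and the `crypto ca trustpoint ... keypair` block out of a running-config excerpt, then looks the keypair up in `show crypto key mypubkey rsa` output to report the RSA modulus size, flagging anything below 2048 bits. Both input samples are constructed for the example; the trustpoint and keypair names, the fqdn and the exact field layout of the key output are assumptions for illustration, so compare them against your own ASA before relying on the parsers.

```python
import re

# Constructed sample running-config excerpt (not from the page; the
# trustpoint/keypair names and fqdn are assumptions for illustration).
SAMPLE_RUNNING_CONFIG = """\
crypto ca trustpoint outside
 enrollment terminal
 fqdn vpn.example.test
 subject-name CN=vpn.example.test,O=Example
 keypair sslvpn-key
 crl configure
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 keypair <Default-RSA-Key>
 crl configure
ssl trust-point outside outside
"""

# Constructed sample of 'show crypto key mypubkey rsa' output; the field
# layout is an assumption about the ASA CLI, and the key data is truncated.
SAMPLE_KEY_OUTPUT = """\
Key pair was generated at: 09:15:02 UTC Mar 3 2011
Key name: sslvpn-key
 Usage: General Purpose Key
 Modulus Size (bits): 1024
 Key Data:
   30819f30 0d06092a ...
Key pair was generated at: 10:40:11 UTC Jan 9 2014
Key name: <Default-RSA-Key>
 Usage: General Purpose Key
 Modulus Size (bits): 2048
 Key Data:
   30820122 300d0609 ...
"""

MIN_RSA_BITS = 2048  # smallest modulus a public CA will still sign


def parse_trustpoint_keypairs(config):
    """Map each 'crypto ca trustpoint' block to the keypair it references."""
    keypairs = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"crypto ca trustpoint (\S+)", line)
        if m:
            current = m.group(1)
            keypairs[current] = None
            continue
        m = re.match(r"\s+keypair (\S+)", line)
        if m and current:
            keypairs[current] = m.group(1)
    return keypairs


def parse_ssl_trustpoints(config):
    """Map interface -> trustpoint from 'ssl trust-point <tp> [<iface>]'."""
    result = {}
    for line in config.splitlines():
        m = re.match(r"ssl trust-point (\S+)(?:\s+(\S+))?", line)
        if m:
            result[m.group(2) or "(global)"] = m.group(1)
    return result


def parse_key_sizes(output):
    """Map key name -> modulus bits from 'show crypto key mypubkey rsa'."""
    sizes = {}
    name = None
    for line in output.splitlines():
        m = re.match(r"Key name: (\S+)", line)
        if m:
            name = m.group(1)
            continue
        m = re.match(r"\s*Modulus Size \(bits\): (\d+)", line)
        if m and name:
            sizes[name] = int(m.group(1))
    return sizes


def audit_ssl_keys(config, key_output, min_bits=MIN_RSA_BITS):
    """Return (interface, trustpoint, keypair, bits, ok) for every SSL
    trustpoint binding; ok is False when the key is too short or when the
    trustpoint or its keypair cannot be resolved."""
    tp_keys = parse_trustpoint_keypairs(config)
    sizes = parse_key_sizes(key_output)
    findings = []
    for iface, tp in parse_ssl_trustpoints(config).items():
        kp = tp_keys.get(tp)
        bits = sizes.get(kp) if kp else None
        ok = bits is not None and bits >= min_bits
        findings.append((iface, tp, kp, bits, ok))
    return findings


if __name__ == "__main__":
    for iface, tp, kp, bits, ok in audit_ssl_keys(SAMPLE_RUNNING_CONFIG,
                                                  SAMPLE_KEY_OUTPUT):
        status = "OK" if ok else "NEEDS NEW KEYPAIR"
        print(f"{iface}: trust-point {tp} -> keypair {kp} ({bits} bits) {status}")
```

With the constructed samples the script reports that the `outside` trustpoint is backed by a 1024-bit keypair, which is the case where simply pasting the new certificate into the old trustpoint is not enough: a new 2048-bit keypair, trustpoint and CSR are needed, and the new trustpoint then has to be bound with `ssl trust-point` on the interface and written to the standby unit.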
