Cisco Support Community
Community Member

VPN IPSEC using certificate for authentication.


I have a question concerning the setup of VPN IPSEC using a certificate for authentication, not a pre-shared key. The situation is that you have generated an RSA key, then a CSR, which has been signed by a CA. You have installed the root and identity certificates on the device, and your VPN tunnel is fine. I would like to know: if the RSA key used to create the certificate is destroyed by generating a new key (this also destroys the identity certificate, but imagine that you imported the identity certificate), will this work, or is it necessary to go through the whole process (CSR, signing by CA, ...)?

Thanks for your help.



Re: VPN IPSEC using certificate for authentication.

Removing the private key (RSA key) does not delete your certificate; however, it does leave your certificate invalid, since there is no longer a private key with which to decrypt and sign your information. Importing the certificate will not help, because the private key is kept on the device where the CSR was generated and the ID certificate will only have your public key, unless your CA generated your ID and private key and sent them to you in PKCS12 format. If that happened (deleted the key), you would need to request a new certificate.
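
The point made in the answer above, reproduced with OpenSSL on a workstation rather than on the Cisco device (an added example, not part of the original thread): an identity certificate signed for one key pair cannot be used with a regenerated key. The throwaway CA, file names and CN values are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. File names, CN values and the temp directory are constructed.

# SHA-256 fingerprint of the public key embedded in a certificate.
cert_pub_fp() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 fingerprint of the public half of a private key.
key_pub_fp() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit 0 only if the certificate was issued for this private key.
cert_matches_key() {   # $1 = certificate, $2 = private key
    c=$(cert_pub_fp "$1"); k=$(key_pub_fp "$2")
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Exit 0 if a signature made with the key verifies against the certificate's
# public key, the kind of check a peer makes when authenticating by certificate.
sig_verifies() {       # $1 = certificate, $2 = private key, $3 = scratch dir
    printf 'constructed challenge' > "$3/data"
    openssl x509 -in "$1" -noout -pubkey > "$3/pub.pem"
    openssl dgst -sha256 -sign "$2" -out "$3/sig" "$3/data" &&
        openssl dgst -sha256 -verify "$3/pub.pem" -signature "$3/sig" "$3/data" >/dev/null 2>&1
}

# Throwaway CA, original key + CSR + signed identity certificate,
# then a regenerated key that replaces the original.
build_demo() {         # $1 = scratch dir
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" -out "$1/ca.crt" \
        -subj "/CN=Demo CA" -days 30 2>/dev/null
    openssl genrsa -out "$1/old.key" 2048 2>/dev/null
    openssl req -new -key "$1/old.key" -subj "/CN=vpn-gw.example.test" -out "$1/id.csr"
    openssl x509 -req -in "$1/id.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/id.crt" 2>/dev/null
    openssl genrsa -out "$1/new.key" 2048 2>/dev/null
}

dir=$(mktemp -d)
build_demo "$dir"
for k in old new; do
    if cert_matches_key "$dir/id.crt" "$dir/$k.key" && sig_verifies "$dir/id.crt" "$dir/$k.key" "$dir"
    then echo "$k.key: matches id.crt, signature verifies"
    else echo "$k.key: does NOT match id.crt, a peer would reject the signature"
    fi
done
```

Comparing the two fingerprints before importing a certificate is a quick way to confirm that the key it was issued for is still present.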

Community Member

Re: VPN IPSEC using certificate for authentication.

Hello Ivan,

Sorry for the delay, and thanks for your answer. It is what I thought, but I was unsure.


David Chosrova.
