13.01.2021

Cisco Asa Export Certificate

I wrote this post to clarify what happens with the RSA keys if I move the whole configuration, the certificates and their private keys to another firewall with the same IP address. If the IP has changed, migrating the certificate does not make much sense if the certificate is based on the IP.
The RSA keys shown with the “show cry key mypubkey rsa” command cannot simply be copied to the new system, AFAIK. But if you have a certificate that uses one of your RSA keys, then it can be exported.
For example, if you have a configuration:

It means you have an RSA key with the name ssl-vpn-keys that you can move to the new system. That is what I describe here.

0. Start your TFTP server first and make sure you can connect to it :-) (It's funny, but most of the time on such a job sometimes goes into stupid troubleshooting of a simple TFTP server, for example with a local firewall or HIPS on the TFTP server. I can't repeat it enough: why can't we just use Linux?!)

1. Save the running config to the TFTP server

2. Export the certificates with private keys

This will export the security appliance trustpoint configuration with all associated keys and certificates in PKCS12 format

myfirewall01(config)# crypto ca export MyTrustpoint1 pkcs12 MySecretPassword

Keep an eye on the following files and do not forget the last one:
– ASA image
– ASDM image
– Anyconnect image
– Csd image
– Anyconnect xml profile
– and whatever important file you have on your original ASA!

3. Customize the interface settings for the new firewall in the exported config file:
The interface names on the new firewall can be different, like GigabitEthernet or just Ethernet. Maybe you can skip this step, but it is worth checking. An example is below:

Interface configuration of the original Firewall:

Customized Interface configuration of the New (Destination) Firewall:

4. Install the same OS and ASDM version on the destination firewall first.
So do not forget the following files:
– ASA image
– ASDM image
– Anyconnect image
– Csd image
– Anyconnect xml profile
– and whatever you have on your original ASA!

5. Import the certificates with the keys
The “pkcs12” in the import command tells the ASA to import a certificate and key pair for a trustpoint, using PKCS12 format.

myfirewall01(config)# crypto ca import MyTrustpoint1 pkcs12 MySecretPassword

Example:

6. Import the customized running configuration to the new firewall and check for warning or error messages.

myfirewall01(config)# copy tftp run

Example:

Comment:
Whatever key name you used, after the “cry ca export” the keys will be renamed to the trustpoint name. Check it with the “sh cry key mypubkey rsa” command on the original system and on the new system.
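
The check in the comment above can be scripted. This added example (not from the original post) parses captured “show crypto key mypubkey rsa” output from both firewalls and matches keys by key data rather than by name, so a key renamed to the trustpoint name is still recognised and a key that was not migrated is reported. The capture layout and the shortened key data are constructed assumptions, and `parse_keys` and `compare` are hypothetical helper names.

```python
import hashlib
import re

# Constructed captures of "show crypto key mypubkey rsa" (assumed layout, fake
# shortened key data). ORIGINAL is the source ASA, NEW the destination ASA.
ORIGINAL = """\
Key pair was generated at: 10:12:01 UTC Jan 4 2021
Key name: <Default-RSA-Key>
 Usage: General Purpose Key
 Key Data:

  30820122 300d0609 aaaaaaaa 11111111
  02030100 01
Key pair was generated at: 10:15:40 UTC Jan 4 2021
Key name: ssl-vpn-keys
 Usage: General Purpose Key
 Key Data:

  30820122 300d0609 bbbbbbbb 22222222
  02030100 01
"""
NEW = ORIGINAL.replace("ssl-vpn-keys", "MyTrustpoint1").replace("aaaaaaaa", "cccccccc")

def parse_keys(capture):
    """Return {key name: SHA-256 fingerprint of the hex key data}."""
    keys = {}
    for block in re.split(r"^Key name:", capture, flags=re.M)[1:]:
        name, _, rest = block.partition("\n")
        data = rest.partition("Key Data:")[2]
        # Keep only hex lines, so the next key's header line is ignored.
        hexdata = "".join("".join(line.split()) for line in data.splitlines()
                          if re.fullmatch(r"[0-9a-fA-F\s]+", line))
        if hexdata:
            keys[name.strip()] = hashlib.sha256(hexdata.lower().encode()).hexdigest()
    return keys

def compare(original, new):
    """Match keys by key data, not by name; list moved and missing keys."""
    new_by_fp = {fp: name for name, fp in parse_keys(new).items()}
    report = {"moved": [], "missing": []}
    for name, fp in parse_keys(original).items():
        if fp in new_by_fp:
            report["moved"].append((name, new_by_fp[fp]))
        else:
            report["missing"].append(name)
    return report

if __name__ == "__main__":
    print(compare(ORIGINAL, NEW))
```

A key listed under "missing" exists on the original firewall but has no counterpart with the same key data on the new one, which is what you would expect for any RSA key that is not tied to an exported trustpoint.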

Posted in: ASA, Cisco, Security, VPN