0 Replies Latest reply: Oct 22, 2012 11:24 AM by Twitch

    ASA CA Certificate Request Question

    Twitch

      Hello all. Question - will generating a certificate request on a Cisco ASA 5510 remove an existing self-signed certificate? I generated a certificate request on Friday (via an ASDM connection) in order to request a certificate from a Certificate Authority for PCI Compliance, and earlier this morning (Monday) the VPN connections configured on the ASA went down. Reloading the router (which, if my understanding is correct, generates a self-signed certificate) resolved the problem, and the VPNs came back up.

       

      I cannot find any documentation that says generating a certificate request will remove existing certificates (i.e., self-signed). Is this the case? It almost seems like the ASA waited a certain amount of time before disabling the old certificate, since there was a delay between the cert request and the failure of the VPNs. This would make sense since it takes a few days for the CA to generate the certificate.

       

      Any clarity would be greatly appreciated! New territory for me.

       

      Thanks.

       

      Twitch