Solved: The certificate (or more

veltech · ‎05-04-2014

Hi All,

We have just finished testing a new configuration on an ASA 5510 for Any Connect. During testing we used a self signed certificate but now want to install a full certificate from a CA. The question is what is the best way to remove the old self generated certificate so we don't get any conflicts when installing the new certificate?

We are looking at Go Daddy for the SSL cert, anyone have any other recommendations ?

Thanks,

Karsten Iwen · ‎05-04-2014

The certificate (or more accurate: the trustpoint) is assigned to the interface. If you configure a new trustpoint for your new certificate and assign that trustpoint to your outside interface, then nothing will conflict. If you want you can still use your self-signed certificate for the inside interface. But of course you can also delete it.
There are so many CAs that you can choose from. Some customers of me use Entrust, others Thawte. I got mine from StartSSL. It's your choice. It's more about cost and reputation.

View solution in original post

Karsten Iwen · ‎05-04-2014

The certificate (or more accurate: the trustpoint) is assigned to the interface. If you configure a new trustpoint for your new certificate and assign that trustpoint to your outside interface, then nothing will conflict. If you want you can still use your self-signed certificate for the inside interface. But of course you can also delete it.
There are so many CAs that you can choose from. Some customers of me use Entrust, others Thawte. I got mine from StartSSL. It's your choice. It's more about cost and reputation.

REMOVE A SELF SIGNED CERTIFICATE