# Firewall

# ASA Crypto

Updated the TLS cert on an ASA used for AnyConnect and assigned it to the interfaces, but users are still presented with an angry red "insecure site" warning on expiration day.

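That's because the ASA is a salty bitch and keeps using the old cert for IKEv2: the IKEv2 remote-access trustpoint is its own setting and doesn't follow the `ssl trust-point` interface assignment.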

To correct the issue:  
\#no crypto ikev2 remote-access trustpoint ASDM\_TrustPoint4 (Old Expired certificate)  
\#crypto ikev2 remote-access trustpoint ASDM\_TrustPoint0 (New trustpoint for new certificate)

Now the new certificate is applied to IKEv2.

Verify:

sh run | in ASDM\_TrustPoint0  
crypto ca trustpoint ASDM\_TrustPoint0  
crypto ca certificate chain ASDM\_TrustPoint0  
crypto ikev2 remote-access trustpoint ASDM\_TrustPoint0  
ssl trust-point ASDM\_TrustPoint0 outside
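
To catch this mismatch before expiration day, the check below (an added example, not part of the original notes) parses saved `show running-config` text and flags any trustpoint used by IKEv2 remote access but not by an `ssl trust-point` line, or the reverse. The function name and the sample config are constructed for illustration; the trustpoint names are the ones from this page.

```python
import re

# Constructed sample (not from a real device): SSL was moved to the new
# trustpoint, but IKEv2 remote access still references the old one.
SAMPLE_CONFIG = """\
crypto ca trustpoint ASDM_TrustPoint4
crypto ca trustpoint ASDM_TrustPoint0
crypto ikev2 remote-access trustpoint ASDM_TrustPoint4
ssl trust-point ASDM_TrustPoint0 outside
"""

DEFINED_RE = re.compile(r"^crypto ca trustpoint (\S+)", re.M)
IKEV2_RE = re.compile(r"^crypto ikev2 remote-access trustpoint (\S+)", re.M)
SSL_RE = re.compile(r"^ssl trust-point (\S+)(.*)$", re.M)


def audit_trustpoints(config):
    """Return findings where the IKEv2 and SSL trustpoints disagree."""
    defined = set(DEFINED_RE.findall(config))
    ikev2 = set(IKEV2_RE.findall(config))
    ssl = {}  # trustpoint name -> interfaces/scopes it is bound to
    for name, scope in SSL_RE.findall(config):
        ssl.setdefault(name, []).append(scope.strip() or "global")
    findings = []
    if ikev2:  # only compare when IKEv2 remote access is configured
        for tp in sorted(ikev2 - set(ssl)):
            findings.append(f"ikev2-only: {tp} is used by IKEv2 but by no ssl trust-point line")
        for tp in sorted(set(ssl) - ikev2):
            findings.append(f"ssl-only: {tp} ({', '.join(ssl[tp])}) is not an IKEv2 trustpoint")
    for tp in sorted((ikev2 | set(ssl)) - defined):
        findings.append(f"undefined: {tp} has no crypto ca trustpoint definition")
    return findings


if __name__ == "__main__":
    for finding in audit_trustpoints(SAMPLE_CONFIG):
        print(finding)
```

The check only compares trustpoint names; it does not read certificate validity dates, so an empty result means the two settings agree, not that the certificate is current.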