
ASA Crypto

Updated the TLS cert on an ASA used for AnyConnect and assigned it to the interfaces, but users are presented with an angry red "insecure site" warning on expiration day.

That's because the ASA is a salty bitch and keeps using the old cert for IKEv2.

To correct the issue:
#no crypto ikev2 remote-access trustpoint ASDM_TrustPoint4 (Old Expired certificate)
#crypto ikev2 remote-access trustpoint ASDM_TrustPoint0 (New trustpoint for new certificate)

Now the new certificate is applied to IKEv2.

Verify:

sh run | in ASDM_TrustPoint0
crypto ca trustpoint ASDM_TrustPoint0
crypto ca certificate chain ASDM_TrustPoint0
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
ssl trust-point ASDM_TrustPoint0 outside
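
To catch this drift before expiration day, here is an added example (not part of the original post) that audits a saved `show running-config` for an IKEv2 remote-access trustpoint that no `ssl trust-point` line uses. It assumes SSL and IKEv2 are meant to share one certificate, as in the post; the function name and the stale sample config are constructed for illustration.

```python
import re

# Constructed sample: SSL already moved to the new trustpoint,
# IKEv2 remote-access still bound to the old one (the state the post describes).
SAMPLE_STALE = """\
crypto ca trustpoint ASDM_TrustPoint0
crypto ca trustpoint ASDM_TrustPoint4
crypto ca certificate chain ASDM_TrustPoint0
crypto ca certificate chain ASDM_TrustPoint4
crypto ikev2 remote-access trustpoint ASDM_TrustPoint4
ssl trust-point ASDM_TrustPoint0 outside
"""

SSL_RE = re.compile(r"^ssl trust-point (\S+)(?:\s+(.*))?$")
IKE_RE = re.compile(r"^crypto ikev2 remote-access trustpoint (\S+)")
DEF_RE = re.compile(r"^crypto ca trustpoint (\S+)")


def audit_trustpoints(config):
    """Return a list of findings about trustpoint references in an ASA config."""
    ssl, ike, defined = {}, [], set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := SSL_RE.match(line):
            # Interface is optional; a bare line is the global fallback.
            ssl.setdefault(m.group(1), []).append(m.group(2) or "(global)")
        elif m := IKE_RE.match(line):
            ike.append(m.group(1))
        elif m := DEF_RE.match(line):
            defined.add(m.group(1))

    findings = []
    for tp in ike:
        if ssl and tp not in ssl:
            findings.append(
                f"IKEv2 remote-access uses {tp}, but SSL uses "
                f"{', '.join(sorted(ssl))}: possible stale certificate"
            )
    for tp in sorted(set(ike) | set(ssl)):
        if tp not in defined:
            findings.append(f"{tp} is referenced but has no 'crypto ca trustpoint' definition")
    return findings


if __name__ == "__main__":
    for finding in audit_trustpoints(SAMPLE_STALE):
        print("WARN:", finding)
```

A mismatch is only a prompt to review: a deployment that deliberately uses different certificates for SSL and IKEv2 will also be flagged.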