8055730
asked on
Renewing SSL certificate without knowing the private key. CSR was not generated from ASA.
We renewed a SSL certificate today from Godaddy today but it was a legacy one so we don't have the private key. How do we install that and use that on the Cisco ASA? The CSR was not generated from the ASA. It is a little difficult as the CSR was not generated from the Cisco ASA. I saw a post about viewing the raw certificate itself and compare that with the new certificate and they look different.
ASKER
The systems admin renewed it directly on the GoDaddy server where the previous had expired so that seemed like the right one to do. So that what we have. I wasn't involved after it has been renewed but did generate a new csr in case a new cert can be bought. Just trying to see what we can do with to install this new certificate now. thx!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I did it recently on GoDaddy during the validity lifespan of cert and it did not cost anything
ASKER
Was able to get external assistance.
Where was the cert generated and what format is it in? If it was generated on windows server you may need to transform the cert into pem or other format using OpenSSL:
https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html