Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 48 Configuring the Cisco Phone Proxy

Troubleshooting the Phone Proxy

To view the SAST keys, use the show crypto key mypubkey rsa command. Each SAST key is
associated with a trustpoint labeled _internal_ctl-file_name_SAST_X, where ctl-file_name is the
name of the CTL file instance that was configured and X is an integer from 0 to N-1, where N is the
number of SASTs configured for the CTL file (the default is 2).

Step 1   On the ASA, export all the SAST keys in PKCS-12 format by using the crypto ca export command:

hostname(config)# crypto ca export _internal_ctl-file_name_SAST_X pkcs12 passphrase

hostname(config)# Exported pkcs12 follows:

MIIGZwIBAzCCBiEGCSqGSIb3DQEHAaCCBhIEggYOMIIGCjCCBgYGCSqGSIb3DQEH

[snip]

MIIGZwIBAzCCBiEGCSqGSIb3DQEHAaCCBhIEggYOMIIGCjCCBgYGCSqGSIb3DQEH

---End - This line not part of the pkcs12---

hostname(config)# crypto ca export _internal_ctl-file_name_SAST_X pkcs12 passphrase

hostname(config)# Exported pkcs12 follows:

MIIGZwIBAzCCBiEGCSqGSIb3DQEHAaCCBhIEggYOMIIGCjCCBgYGCSqGSIb3DQEH

[snip]

mGF/hfDDNAICBAA=

---End - This line not part of the pkcs12---

hostname(config)#

Note   Save this output somewhere secure.
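One way to check a saved copy of the Step 1 session before relying on it for Step 2, as an added example that is not part of the Cisco guide: it splits the capture into one PKCS-12 body per trustpoint, discards the command line (which carries the passphrase) and the end marker, and rejects a body whose outer length header does not match what was captured. The function names, the CTL file name myctl, the passphrase s3cret and the placeholder bundle are constructed for illustration, and the length check assumes a definite-length encoding like the one the sample output above begins with.

```python
import base64
import re

EXPORT_CMD = re.compile(r"crypto ca export (\S+) pkcs12\b")
START = "Exported pkcs12 follows:"
END = "---End - This line not part of the pkcs12---"

def der_total_len(der: bytes) -> int:
    """Size the outer SEQUENCE header claims for the whole object."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                        # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                        # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def split_exports(capture: str) -> dict:
    """Map each exported trustpoint to its decoded PKCS-12 bytes.
    Command lines (with the passphrase), prompts and END are dropped."""
    bundles, trustpoint, body = {}, None, None
    for line in (raw.strip() for raw in capture.splitlines()):
        cmd = EXPORT_CMD.search(line)
        if cmd:
            if body is not None:
                raise ValueError(f"{trustpoint}: no END marker before next export")
            trustpoint = cmd.group(1)
        elif START in line and trustpoint:
            body = []                        # base64 lines follow
        elif line == END and body is not None:
            der = base64.b64decode("".join(body), validate=True)
            if der_total_len(der) != len(der):
                raise ValueError(f"{trustpoint}: truncated or padded bundle")
            bundles[trustpoint] = der
            trustpoint, body = None, None
        elif body is not None and line:
            body.append(line)
    if body is not None:
        raise ValueError(f"{trustpoint}: capture ends before the END marker")
    return bundles

# Constructed sample: a 260-byte placeholder with a valid header, not a real key.
_b64 = base64.b64encode(b"\x30\x82\x01\x00" + bytes(256)).decode()
_blob = "\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
SAMPLE = "".join(
    f"hostname(config)# crypto ca export _internal_myctl_SAST_{x} pkcs12 s3cret\n"
    f"hostname(config)# {START}\n{_blob}\n{END}\n" for x in range(2)
) + "hostname(config)#\n"
```

Compare the number of trustpoints returned with the number of SASTs configured for the CTL file, and store each bundle apart from its passphrase.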

Step 2   Import the SAST keys to a new ASA.

a.   To import the SAST key, enter the following command:

hostname(config)# crypto ca import trustpoint pkcs12 passphrase

Where trustpoint is _internal_ctl-file_name_SAST_X, ctl-file_name is the name of the CTL file
instance that was configured, and X is an integer from 0 to 4 depending on what you exported from
the ASA.

b.   Using the PKCS-12 output you saved in Step 1, enter the following command and paste the output when prompted:

hostname(config)# crypto ca import _internal_ctl-file_name_SAST_X pkcs12 passphrase

hostname(config)# Enter the base 64 encoded pkcs12.

hostname(config)# End with the word "quit" on a line by itself:

MIIGZwIBAzCCBiEGCSqGSIb3DQEHAaCCBhIEggYOMIIGCjCCBgYGCSqGSIb3DQEH

[snip]

muMiZ6eClQICBAA=

hostname(config)# quit

INFO: Import PKCS12 operation completed successfully

hostname(config)# crypto ca import _internal_ctl-file_name_SAST_X pkcs12 passphrase

hostname(config)# Enter the base 64 encoded pkcs12.

hostname(config)# End with the word "quit" on a line by itself:

MIIGZwIBAzCCBiEGCSqGSIb3DQEHAaCCBhIEggYOMIIGCjCCBgYGCSqGSIb3DQEH

[snip]
