Export an Identity Certificate

You can export and import the keypair and issued certificates associated with a trustpoint in PKCS12 or PEM format. This format is useful to manually duplicate a trustpoint configuration on a different ASA.

Procedure

Step 1

In the navigation menu, click Security Devices.

Step 2

Click the Devices tab.

Step 3

Click the ASA.

Step 4

Select the ASA device and in the Management on the right, click Trustpoints.

Step 5

Click the identity certificate to export the certificate configuration. Alternatively, you can search for the certificate by entering its name in the search field.

Step 6

In the Actions pane on the right, click Export Certificate.

Step 7

Choose the certificate format by clicking the PKCS12 Format or the PEM Format.

Step 8

Enter the encryption passphrase used to encrypt the PKCS12 file for export.

Step 9

Confirm the encryption passphrase.

Step 10

Click Export to export the certificate configuration.

An information dialog box appears, informing you that the certificate configuration file has been successfully exported to the location that you specified.

What to do next

If you want to view the downloaded identity certificate, execute the following commands in the directory where the certificate was downloaded:
  1. To decode certificate in base64 format:
    openssl base64 -d -in <file_name>.p12 -out <file_name>_b64.p12
  2. To view certificate: 
    openssl pkcs12 -in <file_name>_b64.p12 -passin pass:<password>