Cisco Defense Orchestrator

Replacing the Certificate on the ASA FirePOWER module 6.2.2

This procedure is a prerequisite to onboarding an ASA FirePOWER module version 6.2.2. 

To replace the self-signed certificate used by the management interface on the ASA FirePOWER module 6.2.2, you need to generate a new certificate and key and store them in the /etc/ssl directory on the ASA FirePOWER module, in place of the existing server.crt and server.key files.

To replace the certificate on an ASA FirePOWER module 6.2.2, follow this procedure:

  1. Log in to the ASA FirePOWER module using the appropriate steps:
     1. SSH to the ASA.
     2. Type enable at the command prompt and enter your administrator password when prompted.
     3. Enter session sfr to connect to the ASA FirePOWER module.
     4. Enter your administrator username and password.
     5. At the ASA FirePOWER module prompt, type expert to enter into a shell.
  2. Elevate your privileges to the root user by typing sudo su at the prompt. For example:

admin@firepower:~$ sudo su

  3. When prompted, enter the admin password.
  4. Connect to the directory where the server.crt and server.key files are stored:
     • On the ASA FirePOWER module, connect to the /etc/ssl directory.
  5. Move or rename the existing server.crt and server.key files in the directory in case you need to restore them.
  6. Using OpenSSL, generate a new self-signed certificate using this command:

openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 365 -nodes

  7. Reboot the ASA FirePOWER module.
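The rename, generate and check steps of the procedure can be combined so that a mismatched or unusable pair is caught before the reboot. The script below is an added example, not part of Cisco's procedure; the function names `pair_matches` and `replace_cert`, the `-subj` option (added so the command does not prompt), the CN value and the optional key-size argument are assumptions.

```shell
#!/bin/sh
# Added example: run as root in the expert shell, before the reboot step.

# pair_matches CRT KEY
# Succeeds only if the certificate's public key is the one derived from
# the private key, i.e. the two files belong together.
pair_matches() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# replace_cert DIR CN [BITS]
# Renames the existing pair, generates a new self-signed pair with the
# command from the procedure, then verifies the result.
replace_cert() {
    dir=$1; cn=$2; bits=${3:-4096}          # 4096 matches the procedure
    stamp=$(date +%Y%m%d%H%M%S)
    (
        cd "$dir" || exit 1
        # Keep the old files under a timestamped name for restore.
        for f in server.crt server.key; do
            if [ -f "$f" ]; then mv "$f" "$f.$stamp.bak" || exit 1; fi
        done
        # -subj is an assumption added here to avoid the interactive prompts.
        openssl req -x509 -newkey "rsa:$bits" -keyout server.key \
            -out server.crt -days 365 -nodes -subj "/CN=$cn" || exit 1
        # The new certificate must match the new key and must not be expired.
        pair_matches server.crt server.key || exit 1
        openssl x509 -in server.crt -noout -checkend 0 >/dev/null || exit 1
    )
}

# Usage (CN is a placeholder; use the module's management hostname):
#   replace_cert /etc/ssl firepower.example.test
```

If `replace_cert` returns non-zero, restore the `.bak` files instead of rebooting. Before rebooting, also compare the owner and mode of the new files with those of the renamed originals.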