49-9
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter4 9 Configuring Failover
Additional Steps for an Active/Standby Failover Configuration
Additional Steps for an Active/Standby Failover Configuration
Cisco Security Manager lets you authenticate a PIX/ASA/FWSM device by validating the certificate
installed on the device. When configuring firewalls in an active/standby failover configuration, you must
manually copy the certificate from the active device to the standby device so that Security Manager can
communicate with the standby device after a failover occurs.
The following procedures describe how to export or display the identity certificate, CA certificate, and
keys for a security appliances in your network using ASDM, and then import that information onto a
standby device using ASDM.
Exporting the Certificate to a File or PKCS12 data, page 49-9
Importing the Certificate onto the Standby Device, page49-9

Exporting the Certificate to a File or PKCS12 data

To export a trustpoint configuration, follow these steps using ASDM:
Step 1 Go to Configuration > Features > Device Administration > Certificate > Trustpoint > Export.
Step 2 Fill in the Trustpoint Name, Encryption Passphrase, and Confirm Passphrase fields. For information on
these fields, click Help.
Step 3 Select a method for exporting the trustpoint configuration.
Export to a File—Type the filename or browse for the file.
Display the trustpoint configuration in PKCS12 format—Display the entire trustpoint configuration
in a text box and then copy it for importing. For more information, click Help.
Step 4 Click Export.

Importing the Certificate onto the Standby Device

To import a trustpoint configuration, follow these steps using ASDM:
Step 1 Go to Configuration > Features > Device Administration > Certificate > Trustpoint > Import.
Step 2 Fill in the Trustpoint Name, Decryption Passphrase, and Confirm Passphrase fields. For information on
these fields, click Help. The decryption passphrase is the same as the encryption passphrase used when
the trustpoint configuration was exported.
Step 3 Select a method for importing the trustpoint configuration.
Import from a File—Type the filename or browse for the file.
Enter the trustpoint configuration in PKCS12 format—Paste the entire trustpoint configuration from
the exported source into a text box. For more information, click Help.