06-29-2011 07:07 AM
Is there a way I can delete a self assigned local cert so I don't have to worry about it expiring? I had created it for testing purposes. When I tried to delete it using the common name "server.domain.com", it doesn't let me.
06-30-2011 01:43 AM
Hi John,
You'll always need to have a cert assigned to your WAE so if you want to get rid of this alarm, you can generate another certificate with a longer validity period and assign it to your device:
WAVE-474-1#crypto generate self-signed-cert test.p12 rsa modulus 1024
Generating a 1024 bit RSA private key
....++++++
..............++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [California]:
Locality Name (eg, city) [San Jose]:
Organization Name (eg, company) [Cisco Systems]:
Organizational Unit Name (eg, section) [ADBU]:
Common Name (eg, YOUR name) [www.cisco.com]:
Email Address [tac@cisco.com]:
Self signed certificate successfully generated
WAVE-474-1#conf t
WAVE-474-1(config)#crypto ssl services global-settings machine-cert-key test.p12
WAVE-474-1(config)#
More info on the procedure can be found under the following bug release notes:
Regards,
Nicolas
06-30-2011 06:38 AM
The factory self assign is not the one that has expired. It's the one that I've created for testing purposes. I figured out how to delete it. Thanks for the info on the bug ID CSCte05426.
Alarm ID Module/Submodule Instance
--------------- -------------------- ---------------
1 cert_near_expiration sslao/SGS/gsetting cert_near_expiration
Jun 25 01:40:17.657 UTC, Processing Error Alarm, #000076, 26000:26005
Certificate device_cert_key.p12 is near expiration. It is configured as machine cert in global settings
crypto delete pkcs12 device_cert_key.p12
show crypto certificate-detail factory-self-signed
Bag Attributes
localKeyID: 2A 2A BA 01 B8 C0 17 8C 9B A9 7F 23 43 D8 66 DA 3C B3 02 07
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29 (0x1d)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=San Jose, OU=ADBU, O=Cisco Systems, CN=NO-HOSTNAME/emailAddress=tac@cisco.com
Validity
Not Before: Jan 15 19:55:12 2009 GMT
Not After : Jan 14 19:55:12 2014 GMT
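An added example, not part of the original thread and not Cisco tooling: it parses the validity fields from a saved `show crypto certificate-detail` text dump like the one above and reports how long the certificate has left, so expiry can be checked before the alarm fires. The function names and the 30-day warning window are assumptions; the thread does not state the threshold the WAE alarm uses.

```python
import re
from datetime import datetime, timezone

# Fields as printed in the post above (output is truncated there after Validity).
SAMPLE = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jan 15 19:55:12 2009 GMT
            Not After : Jan 14 19:55:12 2014 GMT
"""

FIELD = re.compile(
    r"^\s*(Not Before|Not After|Signature Algorithm)\s*:\s*(.+?)\s*$", re.M)
DATE_FMT = "%b %d %H:%M:%S %Y GMT"  # OpenSSL-style text date, always GMT


def parse_cert_detail(text):
    """Extract validity window and signature algorithm from the text dump."""
    fields = {}
    for name, value in FIELD.findall(text):
        fields.setdefault(name, value)  # first hit wins; later ones are repeats
    missing = {"Not Before", "Not After"} - fields.keys()
    if missing:
        raise ValueError("missing field(s): " + ", ".join(sorted(missing)))
    to_utc = lambda v: datetime.strptime(v, DATE_FMT).replace(tzinfo=timezone.utc)
    return {
        "not_before": to_utc(fields["Not Before"]),
        "not_after": to_utc(fields["Not After"]),
        "sig_alg": fields.get("Signature Algorithm", "unknown"),
    }


def expiry_status(text, now, warn_days=30):
    """Return (state, whole days left, signature algorithm) as seen at `now`."""
    cert = parse_cert_detail(text)
    days_left = (cert["not_after"] - now).days
    if now < cert["not_before"]:
        state = "not-yet-valid"
    elif now > cert["not_after"]:
        state = "expired"
    elif days_left < warn_days:  # assumed warning window, see lead-in
        state = "near-expiration"
    else:
        state = "ok"
    return state, days_left, cert["sig_alg"]


if __name__ == "__main__":
    print(expiry_status(SAMPLE, datetime.now(timezone.utc)))
```

The returned signature algorithm lets the same check flag certificates still signed with SHA-1, as the factory certificate shown above is.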