cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
280
Views
10
Helpful
6
Replies
Highlighted
Beginner

How to see crypto certificate in running-config

Hi the community,

I have 2 ASR1001-X withe the same IOS version and the two have

crypto pki trustpoint TP-self-signed-XXXXXXX

....

and

crypto pki certificate chain TP-self-signed-XXXX.

 

When I do a sh run on the first-one I can see the crypto pki certificate in hexa format but not on the second one.

 

What ise the way to see it ?

 

For exemple:

crypto pki certificate chain TP-self-signed-396455978
certificate self-signed 01
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33393634 35353937 38301E17 0D313931 32313830 38333135

.......

 

Thank in advance.

Everyone's tags (2)
6 REPLIES 6
Highlighted
Beginner

Re: How to see crypto certificate in running-config

To display the RSA public keys of your router/firewall, use the show crypto key mypubkey rsa command in privileged EXEC mode.

Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies
Highlighted
Beginner

Re: How to see crypto certificate in running-config

Thank you for your response but it is not what I need.

 

In fact this commande show another certificats.

 

I juste want to see the certificat chain like on the first router when I do a show running-config.

 

Regards.

Beginner

Re: How to see crypto certificate in running-config

If "show running-config | begin crypto" doesn't show any self-signed certificate then it mean certificate is not available on that device, try adding a new self-signed certificate and see either it is reflecting in your running configuration.

You can generate self-signed certificate using this setup of commands.


ip domain name ccie.study.com

ip http secure-server

Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies
Highlighted
Beginner

Re: How to see crypto certificate in running-config

Hi Muhammad,

 

When I issue the commande I've got a fail message as you can see below

 

RTR-DC-01(config)#ip http secure-server
Failed to generate persistent self-signed certificate.
Secure server will use temporary self-signed certificate.

 

The problem is certainly here. Now I have to to find why.

Regards.

Highlighted
Beginner

Re: How to see crypto certificate in running-config

Do you have updated IOS?

There are some know bugs in old IOS; give it a try after update IOS

 

Reference:

 

https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215118-ios-self-signed-certificate-expiration-o.html

Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies
Highlighted
Beginner

Re: How to see crypto certificate in running-config

Muhammad,

 

You're maybe right but I have the same router with the same IOS that show me the certificat chain I don't think that the IOS version is my problem cause.

 

I'm in the 16.06.07 IOS version. Tha last version suggested by cisco

 

Regards.

CreatePlease to create content
Content for Community-Ad