03-03-2022 01:50 PM - edited 03-03-2022 02:16 PM
Hi, please see the below. I am not sure why it has so many certificates or what they mean. Can anyone explain it briefly or send a link? Thank you!
Note: Some SNs have already been changed for security reasons.
Switch10#show crypto pki certificates
Certificate
Status: Available
Certificate Serial Number (hex): 3C221
Certificate Usage: General Purpose
Issuer:
cn=Cisco Manufacturing CA SHA2
o=Cisco
Subject:
Name: WS-C3650-24PDM-3
Serial Number: PID:WS-C3650-24PDM SN:FDO
cn=WS-C3650-24PDM-380E
serialNumber=PID:WS-C3650-24PDM SN:FD
CRL Distribution Points:
http://www.cisco.com/security/pki/crl/cmca2.crl
Validity Date:
start date: 10:08:15 UTC Oct 27 2017
end date: 10:18:15 UTC Oct 27 2027
Associated Trustpoints: CISCO_IDEVID_SUDI
Certificate
Status: Available
Certificate Serial Number (hex): 2D1
Certificate Usage: General Purpose
Issuer:
cn=Cisco Manufacturing CA
o=Cisco Systems
Subject:
Name: WS-C3650-24PDM-380E4
Serial Number: PID:WS-C3650-24PD
cn=WS-C3650-24PDM-380E4D
serialNumber=PID:WS-C3650-24PD
CRL Distribution Points:
http://www.cisco.com/security/pki/crl/cmca.crl
Validity Date:
start date: 10:01:10 UTC Oct 27 2017
end date: 10:11:10 UTC Oct 27 2027
Associated Trustpoints: CISCO_IDEVID_SU
CA Certificate
Status: Available
Certificate Serial Number (hex): 02
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA M2
o=Cisco
Subject:
cn=Cisco Manufacturing CA SHA2
o=Cisco
CRL Distribution Points:
http://www.cisco.com/security/pki/crl/crcam2.crl
Validity Date:
start date: 08:50:58 UTC Nov 12 2012
end date: 08:00:17 UTC Nov 12 2037
Associated Trustpoints: CISCO_IDEVID_SUDI Trustpool
CA Certificate
Status: Available
Certificate Serial Number (hex): 01
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA M2
o=Cisco
Subject:
cn=Cisco Root CA M2
o=Cisco
Validity Date:
start date: 08:00:18 UTC Nov 12 2012
end date: 08:00:18 UTC Nov 12 2037
Associated Trustpoints: CISCO_IDEVID_SUDI0 Trustpool
CA Certificate
Status: Available
Certificate Serial Number (hex): 6A696
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA 20
o=Cisco Systems
Subject:
cn=Cisco Manufacturing CA
o=Cisco Systems
CRL Distribution Points:
http://www.cisco.com/security/pki/crl/crca2048.crl
Validity Date:
start date: 17:16:01 UTC Jun 10 2005
end date: 15:25:42 UTC May 14 2029
Associated Trustpoints: CISCO_IDEVID_SUDI_LEGACY Trustpool
CA Certificate
Status: Available
Certificate Serial Number (hex): 5FF
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA 204
o=Cisco Systems
Subject:
cn=Cisco Root CA 204
o=Cisco Systems
Validity Date:
start date: 15:17:12 UTC May 14 2004
end date: 15:25:42 UTC May 14 2029
Associated Trustpoints: CISCO_IDEVID_SUDI_LEGACY0 Trustpool
Router Self-Signed Certificate
Status: Available
Certificate Serial Number (hex): 01
Certificate Usage: General Purpose
Issuer:
cn=IOS-Self-Signed-Certificate-2334
Subject:
Name: IOS-Self-Signed-Certificate-2334
cn=IOS-Self-Signed-Certificate-23343
Validity Date:
start date: 11:39:38 UTC Nov 9 2018
end date: 19:00:00 UTC Dec 31 2019
Associated Trustpoints: TP-self-signed-233438
Storage: nvram:IOS-Self-Sig#1.cer
03-03-2022 02:00 PM
@Leftz already answered this question in your other post https://community.cisco.com/t5/network-security/tenable-message-report-some-vulnerability-at-some-switch/m-p/4563627
Search the config for the associated trustpoint name to determine what is referencing the trustpoint. Probably the web GUI and Smart Call Home cert.
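An added example, not part of either post: a Python sketch of the check suggested in the reply. It maps each certificate in the `show crypto pki certificates` output to its trustpoints, flags expired entries, and lists the config lines that reference each trustpoint. The two certificate entries are trimmed from the output above; the running-config fragment is a constructed assumption.

```python
import re
from datetime import datetime

# Constructed inputs: two entries trimmed from the output above, plus a
# hypothetical running-config fragment (assumption, not from the post).
SHOW = """Certificate
Status: Available
Validity Date:
start date: 10:08:15 UTC Oct 27 2017
end date: 10:18:15 UTC Oct 27 2027
Associated Trustpoints: CISCO_IDEVID_SUDI
Router Self-Signed Certificate
Status: Available
Validity Date:
start date: 11:39:38 UTC Nov 9 2018
end date: 19:00:00 UTC Dec 31 2019
Associated Trustpoints: TP-self-signed-233438
"""
CONFIG = """crypto pki trustpoint TP-self-signed-233438
 enrollment selfsigned
ip http secure-server
ip http secure-trustpoint TP-self-signed-233438
"""
HEADER = re.compile(r"^(CA |Router Self-Signed )?Certificate$")

def parse_certs(text):
    """Split the show output into one dict per certificate entry."""
    certs = []
    for line in (l.strip() for l in text.splitlines()):
        key, _, value = line.partition(":")
        if HEADER.match(line):
            certs.append({"type": line, "end": None, "trustpoints": []})
        elif certs and key == "end date":
            certs[-1]["end"] = datetime.strptime(value.strip(), "%H:%M:%S UTC %b %d %Y")
        elif certs and key == "Associated Trustpoints":
            certs[-1]["trustpoints"] = value.split()
    return certs

def references(config, name):
    """Config lines naming the trustpoint as a whole token, so that
    CISCO_IDEVID_SUDI does not also match CISCO_IDEVID_SUDI0."""
    pat = re.compile(r"(?<![\w-])" + re.escape(name) + r"(?![\w-])")
    return [l.strip() for l in config.splitlines() if pat.search(l)]

def report(show_text, config, now):
    """(trustpoint, cert type, expired?, referencing config lines) rows."""
    return [(tp, c["type"], c["end"] is not None and c["end"] < now, references(config, tp))
            for c in parse_certs(show_text) for tp in c["trustpoints"]]

if __name__ == "__main__":
    for row in report(SHOW, CONFIG, datetime(2022, 3, 3)):
        print(row)
```

A trustpoint with no referencing lines is not used by anything in the supplied config text; an expired certificate whose trustpoint is still referenced is the one to regenerate or replace.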
03-03-2022 02:30 PM